hxxps://emails[.]microsoft[.]com/dc/e_4JGRIDqcoiTU1HR-giCWWkyCmeORqUCO4pEjpDTdeEGO4EhDmd06BsGXp8NCueowgBc6wWq2tF-wFGuMnC14DS_lWTHSEMiRPWoDCLx5E=/MTU3LUdRRS0zODIAAAGS3RxbIzvXE6bvBZSTtFSrprGRKqQnciZZoBRKL_SiCZqIX0gLa7VQP56hha_Ra1TT-ZkEeFY=

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03-05-2024 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://emails.microsoft.com/dc/e_4JGRIDqcoiTU1HR-giCWWkyCmeORqUCO4pEjpDTdeEGO4EhDmd06BsGXp8NCueowgBc6wWq2tF-wFGuMnC14DS_lWTHSEMiRPWoDCLx5E=/MTU3LUdRRS0zODIAAAGS3RxbIzvXE6bvBZSTtFSrprGRKqQnciZZoBRKL_SiCZqIX0gLa7VQP56hha_Ra1TT-ZkEeFY=

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4180	firefox.exe
Token: SeDebugPrivilege	4180	firefox.exe
Token: SeDebugPrivilege	4180	firefox.exe
Token: SeDebugPrivilege	4180	firefox.exe
Token: SeDebugPrivilege	4180	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4180	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 4180	3984	firefox.exe	87
PID 3984 wrote to memory of 4180	3984	firefox.exe	87
PID 3984 wrote to memory of 4180	3984	firefox.exe	87
PID 3984 wrote to memory of 4180	3984	firefox.exe	87
PID 3984 wrote to memory of 4180	3984	firefox.exe	87
PID 3984 wrote to memory of 4180	3984	firefox.exe	87
PID 3984 wrote to memory of 4180	3984	firefox.exe	87
PID 3984 wrote to memory of 4180	3984	firefox.exe	87
PID 3984 wrote to memory of 4180	3984	firefox.exe	87
PID 3984 wrote to memory of 4180	3984	firefox.exe	87
PID 3984 wrote to memory of 4180	3984	firefox.exe	87
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 4656	4180	firefox.exe	88
PID 4180 wrote to memory of 1088	4180	firefox.exe	89
PID 4180 wrote to memory of 1088	4180	firefox.exe	89
PID 4180 wrote to memory of 1088	4180	firefox.exe	89
PID 4180 wrote to memory of 1088	4180	firefox.exe	89
PID 4180 wrote to memory of 1088	4180	firefox.exe	89
PID 4180 wrote to memory of 1088	4180	firefox.exe	89
PID 4180 wrote to memory of 1088	4180	firefox.exe	89
PID 4180 wrote to memory of 1088	4180	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://emails.microsoft.com/dc/e_4JGRIDqcoiTU1HR-giCWWkyCmeORqUCO4pEjpDTdeEGO4EhDmd06BsGXp8NCueowgBc6wWq2tF-wFGuMnC14DS_lWTHSEMiRPWoDCLx5E=/MTU3LUdRRS0zODIAAAGS3RxbIzvXE6bvBZSTtFSrprGRKqQnciZZoBRKL_SiCZqIX0gLa7VQP56hha_Ra1TT-ZkEeFY="
1⤵
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://emails.microsoft.com/dc/e_4JGRIDqcoiTU1HR-giCWWkyCmeORqUCO4pEjpDTdeEGO4EhDmd06BsGXp8NCueowgBc6wWq2tF-wFGuMnC14DS_lWTHSEMiRPWoDCLx5E=/MTU3LUdRRS0zODIAAAGS3RxbIzvXE6bvBZSTtFSrprGRKqQnciZZoBRKL_SiCZqIX0gLa7VQP56hha_Ra1TT-ZkEeFY=
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {547a4bde-a878-4606-b30f-3dab7ba33269} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" gpu
    3⤵
    PID:4656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ab0d80a-ab72-4ccd-98b7-8e0a47019d7a} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" socket
    3⤵
    PID:1088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3052 -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa36fd43-151c-4d76-91f4-5afca49a6487} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" tab
    3⤵
    PID:4476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3700 -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 3680 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81448442-0c03-4a05-920d-9fcc1c2965ec} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" tab
    3⤵
    PID:1724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4836 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4748 -prefMapHandle 4820 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cdb4e00-f555-4f48-a9ad-3bf196edc6e5} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" utility
    3⤵
    - Checks processor information in registry
    PID:4968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -childID 3 -isForBrowser -prefsHandle 5620 -prefMapHandle 5532 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {819bb266-be2a-4baa-8440-f5b97922843a} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" tab
    3⤵
    PID:2664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5668 -childID 4 -isForBrowser -prefsHandle 5056 -prefMapHandle 5624 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {503f688b-a84f-4411-ba6b-583a093f7c1c} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" tab
    3⤵
    PID:4184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5668 -childID 5 -isForBrowser -prefsHandle 5056 -prefMapHandle 6040 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaebfe7e-81f3-4acb-9144-f30cf62d6cf8} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" tab
    3⤵
    PID:880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5908 -childID 6 -isForBrowser -prefsHandle 5796 -prefMapHandle 5784 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4115f03-de19-4b4d-863e-f99ee7a93999} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" tab
    3⤵
    PID:5376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 7 -isForBrowser -prefsHandle 5888 -prefMapHandle 5904 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbd4ef5e-ecf8-45ce-aead-bd99f50af608} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" tab
    3⤵
    PID:5388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l594d31n.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
efe895d25cd48e35063b05df6d33fb48

SHA1
038f75013f8e9632b3bd09f656b3cafcefdef318

SHA256
7acd2362101e10230b3c443973dc1d644c8c0fafc8e93e570a49e1da51cc211f

SHA512
4b4a6c80c118c682a6ff94d2f64e62dd4551b4924004aa0b4c01786b150063f92b764ce253324a0ed64cd6cff81f6c0e0ff409d13eb81893618cb0103423ce05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l594d31n.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA

Filesize
13KB

MD5
c2b213376e589beaf4cbdca325adf6ad

SHA1
489d6a37b8b2030176eb5643134e2c1c3afa7dae

SHA256
b90d83a3dc68c2faf163df1001f3bcae65ba0a2a0592a08e2cf904a3c90edae5

SHA512
defb042308ff9df44b6cd3c2af6fd03602e98433bd21011689c6852b94d8158e194efb4445dd65894596cc9a390af29d1680762ff96ada01f1ef762888def4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\AlternateServices.bin

Filesize
7KB

MD5
5d7e057100f47d867271154e9078dcf8

SHA1
ae049f02aa7c5a321d561fae1d25adc8e1765a5e

SHA256
72de31935a57172e44e8c7aa55db003b104ad5506bef480e6a39be6bb335c2c3

SHA512
496025d77df649ab550eeebeb4bb377af36e6b870a71123043dcd52199192dea122b4d1843587bde716820f0004678654519a486008254d3cc9d59b722d17717

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\db\data.safe.tmp

Filesize
19KB

MD5
d6886764039e7d35912b7a35c25b8a57

SHA1
197184b63e34f122bc93766fe1e96d0b6ef6e8d4

SHA256
e3cc311d47734017654547bd3ea9b324ae854e1a579838ee480eea7bb3104dde

SHA512
2d9d03977d8d66eda5f20feaddbd72c54e1dcb8efd0f117f06ea2080e268dc19f060f6e1e2ca5e739db6341c0833636a3a77ecdb8452d2184a319356abacc360

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\db\data.safe.tmp

Filesize
19KB

MD5
9900a081a2ac6f6be525066b6a16c1ef

SHA1
2f6f771127adc513c5fa82a8e7244b78a636b61b

SHA256
b055c7cfca9378789387a4c753a8a9de5e521b044f2b04622d3a8009364b2973

SHA512
4da0a7bf602af7712115a1b328a2af9c5e167f7c17f920ba4f49fe681686cb656ef2ee2882ca2e87caf2dcc4756ca178ee23f402c48fa7477537003892fdad52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
94c112b614842ae103ba99873a7672af

SHA1
67bdf44e2baa97bee23f91e365133d35e1f4bf1b

SHA256
8fd0ab14ebed9e5d57345bffa7616f879190c98751a927cc910d2d06931caeeb

SHA512
cb806425e5baa06b2baf7208ba8da1bd9886fa79e790cfa8969e7261f26fa9ce352e2a8958fc68053d98df0588dfb5b35c41289f99e486b2a6936807ca88f747

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\04aa60e9-b3b0-44b3-a25f-3aebc399660e

Filesize
982B

MD5
1a222cec7bfd426dfc9f2373a976931d

SHA1
2136c791f817fcbe17680b54034d3a9b96917624

SHA256
3669eb12ddb47c7d18f5d7e1a83200c959c738da00d05c9cee1a11dcdaef2a81

SHA512
fe49fbbf5393f944c6688a76d7ec72cbee0585f804f70587fe34cde3b3f59d1e8d4ca8a6349183e14a8c9a979e0e4fb42a4d93ae88f02dfb9dc71ba739e90f96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\321a0ae7-b568-4914-be05-5208331d47f4

Filesize
671B

MD5
22547d858420aa9301a9e627ad82de18

SHA1
5786c3dcebb764f56e35926756bf78dd731096aa

SHA256
e8317889469d5fc6f0a5609e6f16a132dda6f341a0be052383391f3a342beb3b

SHA512
e84c5eb8b0596c5534c80fd9fc77c49d2d2cb453e318bb93965dd88a524dbd7a502b260dbb4db937fb9684fccc7743546fa32e4ac2e516c3f278afb05f360839

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\5d0687c1-c35b-4363-8cc6-7d0c0807b112

Filesize
26KB

MD5
2c014ba2bb94cf456f5c7b44ec5da143

SHA1
6f7b8d6565fdb24f0b9a501c4ca50c2df0c2d9a1

SHA256
63a2eefc5f2b9310e94d2449da4da19bac7db9381f543d1852894f12ce647fe4

SHA512
d3b3fd17758736b281c492b46e3da98bb95e9bf8f558d9522b38a67c0b22c5bf3ccddc71def818408b58e65ffbd84fa8a9a9758573abcef7a85104418a6683db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\prefs-1.js

Filesize
13KB

MD5
d769a59c1325cac612ef4cdb89f460a8

SHA1
bfbc525d45db983147f592557cb7bbb4f2523e9c

SHA256
5e5d43fe4c24b26e9abd5955cb3c875d050a7e96700b9d9330426a716235042e

SHA512
3d36a1ef15212097539921f408cfd73f889b25c83dd58b36160f929ef97f0101bab0c4286d3fe6cc49e79d3ba7c222fd73622acd2bc91420362c05c4583f0ad2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\prefs-1.js

Filesize
12KB

MD5
8833fbee003c95ce66e73aa2ddfc990c

SHA1
1a65cbac47ff76c7bb77aa6f95f6ca3a42fb96a2

SHA256
015475d265fa94590f3f92302cbe050f8daa4e6ac9f53c2093752a2b96abc182

SHA512
6e83951affd8812899815935f72897ee915f9bd6895935c2fefd26f1afb4cf79891f08947740f23ce8f6470886be2fd2dddf6e5dab8bc6ddc1f053995c347326

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\prefs.js

Filesize
8KB

MD5
99fb6ed342984094df8e32489d21220e

SHA1
91aed288f4b7446f8a8c2cfaad8ffe1615ba80dd

SHA256
197bfc2e6bb3ec0615abe80d5050495cce05ea1ce2a1402d59483a8fde824224

SHA512
80bfc1b6e5c1a5897bb58a6a6999b7ac35bc7724b885a2e220a8460e7eff6fed7693ec2317751bf1616abf6fe62285ab3542a74792818a11eb40687f974a1358

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\prefs.js

Filesize
10KB

MD5
555600daa01f3156fe11263682b6347f

SHA1
04121391d0d44a35052217c022131a90cfd06184

SHA256
f59b8a8e9eee01478bd2abe4ad3bf5cf37527d3f603a775d4356c1cf0c3137f9

SHA512
a437cd43c7f21a74170bb00794968c490c04eeaca0dd1d951364229aeafb2e3214b704258f26ff6c88ec17a0ca5cc972ea13c6e2408efe1d72f81655d6011f54

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\prefs.js

Filesize
8KB

MD5
0302b97baee05be607d61df93aa0fa37

SHA1
487736e9b117876c2099c185e39fad95010225f3

SHA256
ce391785eaaac82184590df56cbe289118b719cb453f038362f56bf6b2614d04

SHA512
68d46cd63eea04f8b521f1a1f9c677fd001755ec3c8ac6925467d0245faabbab598d5f123e24efc24a83a41ca980b747907a1c197308576d89ac972b320384eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
3b072222a53f7678e76ad408ff5a91e5

SHA1
853264febff0e7a9b5935e5a15206ff2de491875

SHA256
f5ca634fd48df84a53e405b47cd7d484ceb7e802e6fec83e27c80fad84d51bfb

SHA512
64422fb92e88468451f0303b55c939318390f5451c8bca779427e20e3066413c477a6169dffdd7075dc23d28422a18ae8504ed6cec3570612f9d96b616126f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
1443064c06743323ad8231f56826d457

SHA1
0638b27ae9fe6e4cb2e9c6ef63ec2378b4656866

SHA256
8613c080751379890dcfb59842ea956b672e246d73945d4843e5abef894397e7

SHA512
a4cd249af0bc265e8ef18d07f8c974b919e4cc7586c442e15f60fd46e91e8cd9c99706af7e903b11a9e28baef63ac1991c43c25f1c4e42b4f4418dd9f1d4b36a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
6bbe961269c54affbb609f75c4539ec4

SHA1
1b9f66116b14ebe9b796d124798a016d36ed02b0

SHA256
9d7eecf9fbb084d13e17fa56e2388ddfebe5c1d5d6954a8575ef849c998b0c54

SHA512
a92b51fc3afa35180763d52600624e13afb983565207815e938284addf7877029a7f190253e6c1d2d0d1ab71e8c9eaf663001dec6d17ddf70c6bfa1595e78fe2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
896999a036292c7fef651cc86790ddca

SHA1
c94d0cec30274d730741d157c08d8f6b48ff67dd

SHA256
a2906ad97eca4b2398466baa6725da43f4e6b8008256d06d3bb7d07dafbf8579

SHA512
abed51a065788346421d70c0bed86ddb506e1b9c7b90f110b328bd4c91033faad256f4c0de2793ad850d7555e85085db673a9c617d9282989c984a326fe23ff2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
787ead018bb1eb5de113f38aee47c594

SHA1
5b5e240c1e3c11766f1e4a38a14d3b5ae62a737e

SHA256
4eeb7cad444d7b6ec8825a480158a49fc600a62b0d822c20426275512e9ceefb

SHA512
0aaa493dbef980ad683a39ab4bb9ad1104e852bc287e5f5d37cda7f84df6c8d3be2daae5ae3ee87c7d227c8c648f57b166e773c9355c27643cd41ae8a85526f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
5a199e3f257ed1f86dd731c15191a5c3

SHA1
226d75dfd1a5da83467f8f653e2c464192f60f38

SHA256
71a98a726ba58eb5d3b5ea3bcb206f22e64469256af340a087996253fd9ac12e

SHA512
9041a1ab873932c943a83604684a2ff384df660ac6cd8d431c1e090ab2c64c4ac49b4e16198d91e19aa956ed2b799ab6712c367c5e72f9899160678c360f499c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
984KB

MD5
7b2c6bf6fa09bd36e37a0814284fb649

SHA1
52588a163655ce9e6ef6008df0c414b08e623d5a

SHA256
94cbaf64bc18faee5e0d97a26428d425428076e0de65688143b0306cbdbe6da7

SHA512
c890bfbf2273e21c50b37473a02120506d281c6c5237567b29d0396e5fdc41d830d3702733d01737c5801d9964a4c2da7e623826d049f12c45338ebc1aa5bb99

Download Submit