Malware Analysis Report

2025-01-17 22:51

Sample ID 240603-p9h4ssfc41
Target https://urlr.me/XzNvy
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://urlr.me/XzNvy was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Checks processor information in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:01

Reported

2024-06-03 13:04

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

150s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://urlr.me/XzNvy"

Signatures

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2028 wrote to memory of 2892 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2028 wrote to memory of 2892 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2028 wrote to memory of 2892 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2028 wrote to memory of 2892 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2028 wrote to memory of 2892 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2028 wrote to memory of 2892 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2028 wrote to memory of 2892 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2028 wrote to memory of 2892 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2028 wrote to memory of 2892 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2028 wrote to memory of 2892 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2028 wrote to memory of 2892 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 3676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 812 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 812 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 812 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 812 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 812 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 812 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 812 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 812 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 812 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 812 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://urlr.me/XzNvy"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://urlr.me/XzNvy

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2892.0.742353890\1284926248" -parentBuildID 20230214051806 -prefsHandle 1792 -prefMapHandle 1784 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c3c2a61-b477-472b-9aa7-c29869e5375b} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" 1884 20e4cf0c658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2892.1.325431954\1510977633" -parentBuildID 20230214051806 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a744d2b8-3127-497e-b051-07103871bca5} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" 2488 20e38c89c58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2892.2.932582882\1704553184" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3004 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27f279bd-cb22-4a00-9d42-4ba2cc5c3d75} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" 3020 20e4fe49c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2892.3.647344018\1019861930" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5440b9d-7911-4502-b997-4369a422b073} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" 3660 20e38c7ae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2892.4.900111725\1128186111" -childID 3 -isForBrowser -prefsHandle 5160 -prefMapHandle 5112 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2a1e88e-055d-4f5a-9c48-a7ef860a62d9} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" 5156 20e52636e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2892.5.858573417\886245653" -childID 4 -isForBrowser -prefsHandle 3156 -prefMapHandle 5420 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {222bbe98-b3bc-4760-8267-0a91cd667d97} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" 5280 20e54087658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2892.6.137833273\565886491" -childID 5 -isForBrowser -prefsHandle 5180 -prefMapHandle 5320 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1112421-8b34-4cf2-9928-3b6ac64a0f86} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" 4768 20e54087c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2892.7.1620050177\1305462378" -childID 6 -isForBrowser -prefsHandle 5616 -prefMapHandle 5620 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a999ce-23f9-4bc8-bf00-94f1f9236f70} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" 5720 20e54085258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2892.8.1906231299\1470395341" -childID 7 -isForBrowser -prefsHandle 6012 -prefMapHandle 6008 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {171b2ab8-8509-4841-b43d-45103d1296a2} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" 6020 20e55a9b358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2892.9.498451925\21284910" -childID 8 -isForBrowser -prefsHandle 5788 -prefMapHandle 5864 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8926818f-e199-4b03-9eab-5c0fa49de3d9} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" 5676 20e54088258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2892.10.1090288909\2136434576" -childID 9 -isForBrowser -prefsHandle 6276 -prefMapHandle 3588 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edac811c-f44b-43e4-b61f-061e03ea2168} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" 6280 20e54916858 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
N/A 127.0.0.1:61150 tcp
US 8.8.8.8:53 urlr.me udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.117.188.166:443 spocs.getpocket.com udp
FR 185.42.117.109:443 urlr.me tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 44.237.98.207:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 urlr.me udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 urlr.me udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 109.117.42.185.in-addr.arpa udp
US 8.8.8.8:53 207.98.237.44.in-addr.arpa udp
US 8.8.8.8:53 edutechorg-my.sharepoint.com udp
US 13.107.136.10:443 edutechorg-my.sharepoint.com tcp
US 8.8.8.8:53 dual-spo-0005.spo-msedge.net udp
US 8.8.8.8:53 dual-spo-0005.spo-msedge.net udp
US 8.8.8.8:53 10.136.107.13.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 shell.cdn.office.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 23.211.97.128:443 shell.cdn.office.net tcp
US 8.8.8.8:53 e19254.dscg.akamaiedge.net udp
US 8.8.8.8:53 e19254.dscg.akamaiedge.net udp
US 8.8.8.8:53 res-1.cdn.office.net udp
US 8.8.8.8:53 e40491.dscd.akamaiedge.net udp
US 8.8.8.8:53 e40491.dscd.akamaiedge.net udp
SE 92.123.135.97:443 res-1.cdn.office.net tcp
SE 92.123.135.97:443 res-1.cdn.office.net tcp
SE 92.123.135.97:443 res-1.cdn.office.net tcp
SE 92.123.135.97:443 res-1.cdn.office.net tcp
SE 92.123.135.97:443 res-1.cdn.office.net tcp
SE 92.123.135.97:443 res-1.cdn.office.net tcp
SE 92.123.135.97:443 res-1.cdn.office.net udp
SE 92.123.135.97:443 res-1.cdn.office.net udp
N/A 127.0.0.1:61157 tcp
US 8.8.8.8:53 128.97.211.23.in-addr.arpa udp
US 8.8.8.8:53 97.135.123.92.in-addr.arpa udp
US 8.8.8.8:53 mobile.events.data.microsoft.com udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 20.189.173.18:443 mobile.events.data.microsoft.com tcp
US 20.189.173.18:443 mobile.events.data.microsoft.com tcp
US 20.189.173.18:443 mobile.events.data.microsoft.com tcp
US 20.189.173.18:443 mobile.events.data.microsoft.com tcp
US 8.8.8.8:53 onedscolprdwus15.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus15.westus.cloudapp.azure.com udp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 res.cdn.office.net udp
SE 92.123.135.93:443 res.cdn.office.net tcp
US 8.8.8.8:53 e40491.dscg.akamaiedge.net udp
US 8.8.8.8:53 e40491.dscg.akamaiedge.net udp
SE 92.123.135.93:443 res.cdn.office.net udp
US 8.8.8.8:53 dual-spo-0005.spo-msedge.net udp
US 8.8.8.8:53 93.135.123.92.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 mobile.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdeus05.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdeus05.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 res-2.cdn.office.net udp
US 8.8.8.8:53 sni1gl.wpc.sigmacdn.net udp
US 152.199.21.175:443 sni1gl.wpc.sigmacdn.net tcp
US 152.199.21.175:443 sni1gl.wpc.sigmacdn.net tcp
US 152.199.21.175:443 sni1gl.wpc.sigmacdn.net tcp
US 152.199.21.175:443 sni1gl.wpc.sigmacdn.net tcp
US 152.199.21.175:443 sni1gl.wpc.sigmacdn.net tcp
US 152.199.21.175:443 sni1gl.wpc.sigmacdn.net tcp
US 8.8.8.8:53 sni1gl.wpc.sigmacdn.net udp
US 152.199.21.175:443 sni1gl.wpc.sigmacdn.net udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
SE 92.123.135.97:443 res-1.cdn.office.net tcp
SE 92.123.135.97:443 res-1.cdn.office.net tcp
SE 92.123.135.97:443 res-1.cdn.office.net udp
US 152.199.21.175:443 sni1gl.wpc.sigmacdn.net udp
US 8.8.8.8:53 www.wflboces.org udp
US 104.17.166.123:443 www.wflboces.org tcp
US 8.8.8.8:53 clients.finalsitecdn.com udp
US 8.8.8.8:53 clients.finalsitecdn.com udp
US 104.17.166.123:443 clients.finalsitecdn.com udp
US 8.8.8.8:53 123.166.17.104.in-addr.arpa udp
US 8.8.8.8:53 shell.cdn.office.net udp
US 8.8.8.8:53 southcentralus1-1.pushnp.svc.ms udp
US 8.8.8.8:53 e19254.dscg.akamaiedge.net udp
US 8.8.8.8:53 e19254.dscg.akamaiedge.net udp
US 8.8.8.8:53 southcentralus1-1-pushnp.trafficmanager.net udp
US 52.111.239.58:443 southcentralus1-1-pushnp.trafficmanager.net tcp
US 8.8.8.8:53 southcentralus1-1-pushnp.trafficmanager.net udp
US 8.8.8.8:53 r4.res.office365.com udp
SE 92.123.135.74:443 r4.res.office365.com tcp
US 8.8.8.8:53 config.fp.measure.office.com udp
US 8.8.8.8:53 southcentralus1-1.pushnp.svc.ms udp
US 52.111.239.58:443 southcentralus1-1.pushnp.svc.ms tcp
US 13.107.6.163:443 config.fp.measure.office.com tcp
US 8.8.8.8:53 b-0008.b-msedge.net udp
US 8.8.8.8:53 b-0008.b-msedge.net udp
US 8.8.8.8:53 74.135.123.92.in-addr.arpa udp
US 8.8.8.8:53 163.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 58.239.111.52.in-addr.arpa udp
US 8.8.8.8:53 mobile.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdcus09.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdcus09.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.42.65.84:443 browser.events.data.microsoft.com tcp
US 20.42.65.84:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 onedscolprdeus02.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdeus02.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 84.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 dual-spo-0005.spo-msedge.net udp
US 8.8.8.8:53 edutechorg.sharepoint.com udp
US 13.107.136.10:443 edutechorg.sharepoint.com tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 mobile.events.data.microsoft.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdcus04.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdcus04.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdfrc04.francecentral.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdfrc04.francecentral.cloudapp.azure.com udp
US 8.8.8.8:53 d6742ff65e4ff35260612856ae5770d1.fp.measure.office.com udp
US 52.96.54.226:443 d6742ff65e4ff35260612856ae5770d1.fp.measure.office.com tcp
US 8.8.8.8:53 dsm-mvp.trafficmanager.net udp
US 8.8.8.8:53 dsm-mvp.trafficmanager.net udp
US 8.8.8.8:53 tr-ooc-atm.office.com udp
GB 52.97.211.82:443 tr-ooc-atm.office.com tcp
US 8.8.8.8:53 mira-ooc.tm-4.office.com udp
US 8.8.8.8:53 mira-ooc.tm-4.office.com udp
US 8.8.8.8:53 tr-ooc-acdcatm.office.com udp
GB 52.97.179.226:443 tr-ooc-acdcatm.office.com tcp
US 8.8.8.8:53 LHR-efz.ms-acdc.office.com udp
US 8.8.8.8:53 LHR-efz.ms-acdc.office.com udp
US 8.8.8.8:53 226.54.96.52.in-addr.arpa udp
US 8.8.8.8:53 82.211.97.52.in-addr.arpa udp
US 8.8.8.8:53 226.179.97.52.in-addr.arpa udp
US 8.8.8.8:53 upload.fp.measure.office.com udp
US 13.107.6.163:443 upload.fp.measure.office.com tcp
US 8.8.8.8:53 b-0008.b-msedge.net udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 152.199.21.175:443 sni1gl.wpc.sigmacdn.net udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 mobile.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdwus12.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus12.westus.cloudapp.azure.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 mobile.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdwus01.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus01.westus.cloudapp.azure.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
NL 2.18.121.197:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1---sn-aigl6ney.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 197.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 166.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 53.121.117.34.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\activity-stream.discovery_stream.json.tmp

MD5 ff0e46bdb8d9195ace6e0e8d31c21a0f
SHA1 87dcd495a9d062f312d79b23caeed12db41b697e
SHA256 99edf3c6a9258ed31fc0dc627ccf6bf22158c5468ef28e1bfc6671c4e97b15bf
SHA512 0aeda2317c61ece6719e99d5ca5aa1bb7cfa7e2fecaf7a1993ab6ae70fd48ceb3b5d1b903c6f12d531a860e26a692499f5f69157e3f9bf83b3dc4ce39b4058c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\cache\morgue\134\{878a42b0-84ce-41bf-9517-11e750e69986}.final

MD5 0d919d981d1b0fa41f1edcc0c05b0e86
SHA1 30a5b6bd91f53db8ad2883fd9bc7660aa6f8cbdd
SHA256 6e6af627b4405b2c8df0b328f961626abe5a286f4ef065abef9be258203f825c
SHA512 b70082ca615f078283260ac7bd0109b54866159c68f274dde5031a84810bf9dad9ed6246da7974f6619b9274276c8b53b3ff74e4251b3c2c13a2c912ba78bbae

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\idb\3217723701OBDDS_P.sqlite

MD5 7bf58a4122367b7e20a1e5b3b8c1b1dd
SHA1 4f71a09e4cf92af1e2704e59cc5d3b336a7f3153
SHA256 af1fbd691e676b64b1d19739875a8712d56e5f1d3c62043570e2ea2117c9b8d5
SHA512 2f186e453dbc5788cba5632cea08dafb9c0ff6de6db7fa4a448d7933437926b537566db145df64a7adeae063ebbd4ef1a6fab1b3218b7bf3aeb78130127b5bc5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\idb\276181416SyWr.tTeemle.sqlite-wal

MD5 365b938858e71f68e0c0fa0bb4fe7d0c
SHA1 09baadb40eb5beeb54130bd95a71e86792eb158a
SHA256 1b2f0c85c33e1db31aaea73f867b57d74c26e0e7a1220f7530d18c4e91a8800a
SHA512 79c9039170798ee139b06fcd9a85c0a983ca51f6307353e1c3c4a490b84cc566c2459c172eeead3d3d71df1a0cd96df87a0af66fd318fcba6fabd5da9068c69b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\cache\morgue\46\{fd94204c-8c04-4c33-8b37-05630bba642e}.tmp

MD5 28af1bc06de4745fbae3933856696117
SHA1 f5d648b80aac0622d17472f4a391e7477f3efe7e
SHA256 b78dedfd77d7ce2279cbf4d1d263c69eb22bc79f5cbc996fde0f0e1ce9ba1395
SHA512 45c6bfa0efa89a757512b550d4cbf8695748f7a47b87ec836ab22adf5ac5b10c5a93aca1248a8a026298b4506697b0e2ce5e01801740b063c79ac9ad3848ab96

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\C098095235762C640B77B4CFE0B5B3B67FE6058D

MD5 53bdba8b81ae82a8bed1fc99d8e9f180
SHA1 9fa6345be949986580480f7106e55548dbb502e9
SHA256 cbd0b40a9be6ca9a9c3051f0948828571a31f316dc2559a71afbb74a56383796
SHA512 a50dbface4dfa63ba95fabb869e00d4b1cd6296a35e7771123755c749249324e83a81400ee708f4c67536ba394f89e3d96028ed8b40a5baadf908a80099a29e7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\serviceworker-1.txt

MD5 2911f6d906ee5907895025764ff153b3
SHA1 00f6a40f0906ad50bf1808e8b67734aba6c6a412
SHA256 f9244b11293e36c0600b6e37384963abb8b73d43d5eb37173c2e17e1f6493957
SHA512 a03319380e07411688dabe9bbb39318f8b078e6ceaf320c2c81b1393783b3f9c6ea35d322ba7e61d2967c3ded2d595a98d7bce53060bba76226f2e1328e80c6b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\serviceworker.txt

MD5 62c55c56065ad4ebc78af45d97aa8bbb
SHA1 cbf5a6c341d810f8921c05c07407a3a14e3b56c8
SHA256 1c91f0bc2d8a3fae06bf5726dc85cfaee2a6d300e90edad95fb980f9b71d0f4d
SHA512 f6c228c4f381dcf3de2fefa9ea3867e39b42ab9ba66753c6b1698c42e742733ea8c3523826e547a3108ee10007446d7cdb5ca98a185a2579c4b73b99860af76c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\idb\584806114SgPiFfxn.oC.sqlite

MD5 8f5586fb56fb7d213837acdeebf5e325
SHA1 763c706933022b4b092b87dd89b21c820a64e011
SHA256 899d018b81bbd93777c836bd120a951196759e3145a9e1e63324a109f87e89af
SHA512 b8be065b28386ed91e381f47e04e6960a1d88c1c0784ea102db3fa701b87fd299259ab326182fb339988493e5447be6ebe4487ef8e0bc645d40551433345af45

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\idb\276181416SyWr.tTeemle.sqlite-wal

MD5 c5e7ac26980193646967d336323adbdb
SHA1 61f34d8890f55de559adbf70515bfc2afb44db0f
SHA256 c93acf3b411a28c259784d10d01e0d2344a659c835f04ea5eadcc7834b8fccf9
SHA512 18500421ff0343374643b73ff8b40b3bb28fd280d242f426696e02899457f180b560c9e468980a36ec826ee848860b6954fdf57f842734e9af78b8a843e393c9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js

MD5 0c911f47e602b1700b480df7a10f6212
SHA1 63093a4acce2e7a30ebc3441e8943964ba8af784
SHA256 311186b05322a14e352115401143330494ca9c14b6f0370f4c2427272f353e98
SHA512 4d8481d65813e3493f71a689d39b377524388c627910ba8035ec302ec6c2a2aae41d134f80232fa8db649e2715e4d1a27031a76b514e340cad9cd64c01049cf1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 52d4a4be3d96aee0aeafd0a1049a2588
SHA1 73a4844e2a30b74309064d8975216960b0dd2861
SHA256 3004afbffe2aabf05ee5e588979d5e9b7704160d1420dc9530a3b15a80c10c09
SHA512 b76e323625ea80995a8a49d1b7d2578f4037535f994afc1bdb661be267630d081c4771da0b8c55ef74f1d1983712c7efdf04f0db432af465cf10b99dbfee5896

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\idb\276181416SyWr.tTeemle.sqlite

MD5 b96978635b2a5a1bb9afd23cc765a3a2
SHA1 4e3b2dab4ee9f7c7fd5f878bbb6d00da30eca5fb
SHA256 d0f662a1b56d469ec808988cee3abdadb88954d53baf50a4c96c9881f8cce8bb
SHA512 bd395a541280a0839a876b35285db793721ad46e2ec85bc37b89de1dc596cb7f25d4fdd58511056c4889baf1c616719a3a8e5a6a64da9ba02c3611c791265cc8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\idb\276181416SyWr.tTeemle.sqlite-wal

MD5 ac4556fff61a0e96cbb7466ae0001dce
SHA1 89717bdafc7fe90832dd6edc9e4c56b8b7e56585
SHA256 086246bdfb34afc179ed1c28dd725cafd237b11018144d25e25a4542a4d9ef9a
SHA512 0a2446dc8fcf75d36f522310a09c4bbfaca1b24003d724fa682f6f1ac216ffc235c38982b666a1c34ffbd6082861f9bc11b69eb2dc4c8cafc9192614eaf756de

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\cache\morgue\154\{0477e53e-ba1c-437c-921f-6d040c6ba89a}.final

MD5 4e3b74336e16e2ae0b028b969437d956
SHA1 96f818c7e54249cbeda15049e5243caa6dcf589c
SHA256 1e48b64fbc8ddfc38b00f58099c7d313a520700627ebf086106bac7efaad83b1
SHA512 c3a591ad164286a22ec22ec6928c8645a9500e0d541bc56a1ccfa52dc289fb51d75328cf0d27b01158556d55f0b137b840bdf40d8869a7c6b3f900474e4afa04

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\cache\morgue\246\{4ddf1a28-0013-47e3-ba34-ab3cfcf889f6}.final

MD5 c05ee94cb7f62394eee76731b38804e9
SHA1 28ef5770a1ec5a41442640f29bc8b11ef29f8f45
SHA256 6512115897b85b646641dd4e0b0d2d4e07cea5ffc3c69a2c74a91e270d8932a3
SHA512 6b94170cd8d91d6c86f1c5c651c162b1b8645fd09e59b2819dd9c0266b57d0f3f22145b15ac29ee593f3de9f3015d83e28fa14fcd8922950406381b640fbe706

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\cache\morgue\73\{deee0e48-554c-43be-b7eb-dc1806e2a449}.final

MD5 ca58d926101c8133e795778a7ecfaf24
SHA1 1336cf00043513b199292f5ffeddfa35a5172d43
SHA256 34ed693311e07e88a340fdb7e96295d014fe9a4cc5381378178c39437d7be0ef
SHA512 ad35a9afc02dd64383f5964af3cd7c6781246b7e9771a23e7788cd93b6697c923158dbd787bd926145c1e4444a373937db1de16e862d6f19e6a657a47ab3de16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\cache\morgue\147\{a0eba6ef-9fea-4067-9152-51bcf7db1993}.final

MD5 32648cfe2bd22e65875b8d58f5d71516
SHA1 de94e8c24d13f5760bc6eb82799bd31645e61bfd
SHA256 cd5bff4c7e51e1a990395e1d5268b9d3d146c3ea1dffea768cb21cf1beffb6ab
SHA512 f46e87e376879fffe4c44723a90530924e76d05dbfb0ef9c0161eaa4ac7697246477b2df86adb3b643fe52e5b15ddc17f59ffb7733e2ea83f18c89fb077dae70

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\cache\morgue\46\{173c4fc8-3eca-4dcc-b754-f47f703bd72e}.final

MD5 827a23dcebe6e8fa4270486689d147d6
SHA1 a451999426f3cc69d1310668b9161d2c1d5f896e
SHA256 db91045659b4a91f3f9d0cdd7e6be9199913b365d30e90c175e719b9908096be
SHA512 fc15de1523014b1b5112940d34074375245e0b375ab3d1bb522f9d38d8319f77d6813d81e4dceb84ea3448d46d3986f664d870f36b18167456ed87d45d62174b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js

MD5 e2d86b4fb5dcc7f063266182059740b3
SHA1 226c2a28b5a53ca10d3cabfe632d9e4bfe6f9992
SHA256 39365488536093dd3f617b5f6432a223e0d6d098f542a41c7676ea89496377a1
SHA512 ef34e58d8bf8ad5971c6cb1107150ce41a6a60fb5cbc062a3a82b61097afc0cce665edcd7ed321feed0759be59ca5719ace3f2d4da6120d21e1dee6f851c9124

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8464548db9558aa921c7605ad03d7fe0
SHA1 7de6cae000a0749601dce2cd4ba7fe0bf34e7288
SHA256 b19e04081f0bafef21f36316b9edb5b647e60c8ddddcc47b0fcaf653688f1f5e
SHA512 f22143ad7d3556f268773b609c453f877d27426ab40c23ba77aa768b6c14e93c1eaa5476e1a521d57bdf7aa79d18765feef25481295a73ed3cb9691d8ca1f8ce

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\D2CA7831D743EAF23EAC3B26974BF5D3AB52256F

MD5 360b4cd6b9641a7c6a4ae30b68f233a2
SHA1 6ee5f55ec14d50c361e0a4d7b40035ffd855b9ed
SHA256 3b9aa82abc3f7039757aa71ed07dc4a99ca931d93d0ef37fca1d9e9a6de601d8
SHA512 957f35755d192f0dabf909f1550bdb10e5ab56de1d90c49b667a9407b8c9c47353deff8b962e64dded1d51a2d4e4e3b9af30eab1510807658a5c1edd9d77dfc7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 50620a0c9fba5a6ebeb1bc044af7a459
SHA1 4b703d3a29ff506eea2c446d18c161b520a44eac
SHA256 b2176df50666d465a8fa134bc059b19ec6c61973d3979ad8de5cd11d6c227034
SHA512 a7358777bcefe83bf8477c8df41caab71827b81ec1ea33ea60b60fb4a830aba453962c8adc9101aa801df2885e990ada64612521e4adae5057f5490874049c03

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fb8e4c18dd23ab4f8cf8f24bb39daf99
SHA1 984b69107d630b8f12587a49eaed7ead0ef42988
SHA256 9cd47e3af6a4c1ecf12d4b7d4381afed582f721a96fa86bd6700095540f5bbb6
SHA512 d1f9b30809104455a5f57bf36787e5b6841c02c14266d35b92ea0289d5e0c274d42aa284f6137326000be96e194d80d2c9703d8f5618ac82f27c7224a9ab2dfa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++edutechorg-my.sharepoint.com\idb\3215510899Sgiitfen.oC.sqlite

MD5 e9488d5b7ea60612c6d4454cbd37c6d8
SHA1 c2909a486c7cff772c4c0a1d442c3e72107e8900
SHA256 61cf5aaa292b1b073b1264cb437f8a20776b6947796c44ab933118032fce5e64
SHA512 c95e711164386aa3b8bc3ccc36696dcdf8b406de322658afe47e44281f043c8317a6c35573f486dbf7b49594345b65014d115a9cd8e645b2b92119fbe41becf0

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649

MD5 bf3801783498763615fe1e33fb866559
SHA1 d9534162c02e149234f1ef3063254323e4572be6
SHA256 27df70331a722c856fae8228f8d3ac9fadc5d0e7581ca4b928a37939731f74b3
SHA512 1e5b88fdb70eea693c4b020e53a501b80d3231d7dd79937e026a833b2469ca582b5c826905cb3c64f4246e347fece35fa8dbe2d07a891c108a315caf4ac74b77

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js

MD5 75ddc490669a20a39fd0f6da1065a962
SHA1 81721aec0cd916d56be6c8ce337ecf620071a6a8
SHA256 c9796fe12676d682638a1b1aedaaa9d31fc111fcc6dc949354cc4a1bdd4af070
SHA512 eaaeed1c068bd9efbc4852fe478543bfcb71aa552075742e0e82e3ecab47448d8239cd21ef95d0116ca5c9f47ff2b92f1497e4e422c3bd57978213efea3c405b

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2