Malware Analysis Report

2025-01-18 00:51

Sample ID: 240613-rh5jtswfmk
Target: http://isopik.com
Score: 1/10

Analysis Overview

Score: 1/10

Threat Level: No (potentially) malicious behavior was detected

The file http://isopik.com was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Checks processor information in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-13 14:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 14:12
Reported: 2024-06-13 14:15
Platform: win11-20240419-en
Max time kernel: 147s
Max time network: 150s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://isopik.com"

Signatures

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3396 wrote to memory of 2228 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2228 wrote to memory of 2824 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2228 wrote to memory of 2276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://isopik.com"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://isopik.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b0e27dc-add6-4bac-a406-2bbfa694a45c} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a3578c-10aa-44ef-a98c-6f456396aad8} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3272 -childID 1 -isForBrowser -prefsHandle 3264 -prefMapHandle 3260 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fca37c50-6f6e-44b7-a507-09d57c2498b0} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e2e0deb-1501-4461-afac-e71647d4b743} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4372 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4380 -prefMapHandle 4344 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d5745e1-aeeb-4a2a-935c-ab30ee96cd71} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -childID 3 -isForBrowser -prefsHandle 5216 -prefMapHandle 3804 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f16495bc-c3e5-4519-93c7-0aca3a52764c} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 4 -isForBrowser -prefsHandle 5472 -prefMapHandle 5468 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d9b617-c868-4c77-9af0-9e8c7bf21d1e} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 5 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3ea2e5a-dc7d-4a38-8213-3351055e931d} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab

Network

Country Destination Domain Proto
N/A 127.0.0.1:49737 tcp
US 8.8.8.8:53 isopik.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
N/A 127.0.0.1:49744 tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 support.mozilla.org udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\a3b2b1f7-d6cb-472c-b2fc-c129f190a958

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\71a7fb12-8fc1-470e-9698-77c8a0b4f163

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\658e5690-451f-4e8a-bace-7ead9ee5c266

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
