Analysis Overview
Threat Level: Likely malicious
The file https://teams.microsoft.com/l/chat/19:[email protected]/conversations?tenantId=f4e2d11c-fae4-453b-b6c0-2964663779aa&lm=deeplink&lmsrc=email&emltid=8751cdaf-ee9a-486b-a509-11eb17bd4870&linkpos=1&emltype=New_Activities&linktype=New_ChatGroupActivity&cmpid=missedActivity was found to be: Likely malicious.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand microsoft.
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-02 12:57
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-02 12:57
Reported
2024-07-02 12:59
Platform
win10-20240404-en
Max time kernel
99s
Max time network
102s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://teams.microsoft.com/l/chat/19:[email protected]/conversations?tenantId=f4e2d11c-fae4-453b-b6c0-2964663779aa&lm=deeplink&lmsrc=email&emltid=8751cdaf-ee9a-486b-a509-11eb17bd4870&linkpos=1&emltype=New_Activities&linktype=New_ChatGroupActivity&cmpid=missedActivity"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://teams.microsoft.com/l/chat/19:[email protected]/conversations?tenantId=f4e2d11c-fae4-453b-b6c0-2964663779aa&lm=deeplink&lmsrc=email&emltid=8751cdaf-ee9a-486b-a509-11eb17bd4870&linkpos=1&emltype=New_Activities&linktype=New_ChatGroupActivity&cmpid=missedActivity
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.0.2019944841\130573519" -parentBuildID 20221007134813 -prefsHandle 1680 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4549330d-4617-46ec-9ef9-243621faddad} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 1760 14b110ec058 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.1.1573248809\911253883" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {177dbf53-8532-442d-8b86-b9f44e91ba51} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 2136 14b10fe4058 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.2.750813335\1886217906" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2900 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c02477c8-2d0c-4962-b13c-193966bbafef} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 2896 14b14fd2e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.3.1900080622\42091911" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3492 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49d247b9-d65c-4d3b-a0a5-5869c2cb1900} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 3468 14b1650d258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.4.667941216\1227224539" -childID 3 -isForBrowser -prefsHandle 4220 -prefMapHandle 4680 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a35382f8-b20e-4846-9654-5efc9a6fccdd} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 4620 14b17786558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.5.1416257318\494002902" -childID 4 -isForBrowser -prefsHandle 4804 -prefMapHandle 4808 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {75562e62-bdf3-40f6-9b3e-03e842ce42c0} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 4888 14b17788f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.6.1237128490\2131838844" -childID 5 -isForBrowser -prefsHandle 4688 -prefMapHandle 4796 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {589fe60e-2fd0-4b5f-829f-756c448fe448} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 5024 14b1842ec58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.7.1057258960\723329769" -childID 6 -isForBrowser -prefsHandle 3668 -prefMapHandle 4120 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08670781-5210-4c25-ade7-71bf3c4bb33f} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 4024 14b198b3958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.8.28454022\1603615888" -childID 7 -isForBrowser -prefsHandle 5432 -prefMapHandle 5436 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e94845b-a2a8-401b-89ff-95b7b77bc2db} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 5444 14b1aa49258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.9.1639190256\998851819" -childID 8 -isForBrowser -prefsHandle 5204 -prefMapHandle 5200 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c719793-4a34-4eec-85de-0ec5de05cfa4} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 5196 14b1aa4b658 tab
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\7c35f2fb-202a-4be2-8901-1c2bcc1d8813
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\0f936414-b222-441b-9ea7-a01a9c699de9
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++teams.microsoft.com\cache\morgue\59\{b5b73d58-ceab-4798-b95c-794b11015d3b}.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++teams.microsoft.com\cache\morgue\224\{9bb1d986-7742-4741-997d-63e9858321e0}.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4