hxxps://t[.]co/2ElwOXRXWP

Analysis

max time kernel
260s
max time network
266s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08/07/2024, 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.co/2ElwOXRXWP

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3140	firefox.exe
Token: SeDebugPrivilege	3140	firefox.exe
Token: SeDebugPrivilege	3140	firefox.exe
Token: SeDebugPrivilege	3140	firefox.exe
Token: SeDebugPrivilege	3140	firefox.exe
Token: SeDebugPrivilege	3140	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3140	firefox.exe
3140	firefox.exe
3140	firefox.exe
3140	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3140	firefox.exe
3140	firefox.exe
3140	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3140	firefox.exe
3140	firefox.exe
3140	firefox.exe
3140	firefox.exe
3140	firefox.exe
3140	firefox.exe
3140	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 3140	4740	firefox.exe	72
PID 4740 wrote to memory of 3140	4740	firefox.exe	72
PID 4740 wrote to memory of 3140	4740	firefox.exe	72
PID 4740 wrote to memory of 3140	4740	firefox.exe	72
PID 4740 wrote to memory of 3140	4740	firefox.exe	72
PID 4740 wrote to memory of 3140	4740	firefox.exe	72
PID 4740 wrote to memory of 3140	4740	firefox.exe	72
PID 4740 wrote to memory of 3140	4740	firefox.exe	72
PID 4740 wrote to memory of 3140	4740	firefox.exe	72
PID 4740 wrote to memory of 3140	4740	firefox.exe	72
PID 4740 wrote to memory of 3140	4740	firefox.exe	72
PID 3140 wrote to memory of 1180	3140	firefox.exe	73
PID 3140 wrote to memory of 1180	3140	firefox.exe	73
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 4416	3140	firefox.exe	74
PID 3140 wrote to memory of 3496	3140	firefox.exe	75
PID 3140 wrote to memory of 3496	3140	firefox.exe	75
PID 3140 wrote to memory of 3496	3140	firefox.exe	75

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://t.co/2ElwOXRXWP"
1⤵
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://t.co/2ElwOXRXWP
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.0.153197718\899308764" -parentBuildID 20221007134813 -prefsHandle 1672 -prefMapHandle 1660 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {705c6752-a8d6-455e-88d3-a74d2c92d64d} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 1764 219ae381f58 gpu
    3⤵
    PID:1180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.1.19888229\1761827582" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b184ad16-ea9c-482c-b159-40351dc93a8c} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 2140 219acffc458 socket
    3⤵
    PID:4416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.2.1574918482\1850438671" -childID 1 -isForBrowser -prefsHandle 2792 -prefMapHandle 2788 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9ca57d3-682e-4fd3-82c9-2e6614df6698} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 2668 219b13d0458 tab
    3⤵
    PID:3496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.3.1571507003\1770530427" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c97f5db6-a6b8-4966-95f0-50efc53ba7dc} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 3576 219b1305658 tab
    3⤵
    PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.4.1927072031\1365166907" -childID 3 -isForBrowser -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37227692-b5bb-4224-9a66-10d4567760a2} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 4848 219b1961058 tab
    3⤵
    PID:2748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.5.498533921\421276233" -childID 4 -isForBrowser -prefsHandle 4984 -prefMapHandle 4988 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1257ff09-d2a9-4057-91b9-ed85db813870} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 4976 219b38b8258 tab
    3⤵
    PID:2708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.6.229633289\1756437901" -childID 5 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57eaf450-3db6-460d-ac15-0fb9b20d643c} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 5160 219b3e3ee58 tab
    3⤵
    PID:2712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.7.1674014459\2053948018" -childID 6 -isForBrowser -prefsHandle 5064 -prefMapHandle 5364 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ab3836b-141b-45d5-a065-eb81febfa16c} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 5352 219b3e41258 tab
    3⤵
    PID:3024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.8.1240488716\100812747" -childID 7 -isForBrowser -prefsHandle 2944 -prefMapHandle 2928 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dfc4611-5f17-43c5-b231-672b18474700} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 2932 219b22d8b58 tab
    3⤵
    PID:2736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.9.320523164\2043510327" -childID 8 -isForBrowser -prefsHandle 2612 -prefMapHandle 2552 -prefsLen 27459 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edb05d95-91de-4778-a774-73df4a73c3ee} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 4004 219b1437158 tab
    3⤵
    PID:208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.10.1691447049\2145323143" -childID 9 -isForBrowser -prefsHandle 2172 -prefMapHandle 4312 -prefsLen 27459 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1520b464-7fad-4206-8009-fcffcd560932} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 5896 219b4a98158 tab
    3⤵
    PID:4024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.11.1893386786\1367504778" -childID 10 -isForBrowser -prefsHandle 5872 -prefMapHandle 5860 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {776ef5b8-092b-4a96-a7c9-1438d1fd68ad} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 4160 219b146f658 tab
    3⤵
    PID:4672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.12.2042434913\271956949" -childID 11 -isForBrowser -prefsHandle 5504 -prefMapHandle 6364 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc3d85a3-9701-4bbf-8205-c9e901bd9c71} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 5340 219b7a0eb58 tab
    3⤵
    PID:2916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3140.13.1400373063\51430705" -childID 12 -isForBrowser -prefsHandle 6060 -prefMapHandle 5984 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5844789c-7e06-4243-94a7-2f631718443a} 3140 "\\.\pipe\gecko-crash-server-pipe.3140" 6048 219a2070a58 tab
    3⤵
    PID:1088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\32331

Filesize
99KB

MD5
a0338310964127ea5d1d6809bebc527c

SHA1
f2758b0743d27074d2aec7d15966246580a729cb

SHA256
3134eeacb6c91e4c7a613f4c6bb16b97c2ae3f7e1b16be59994361864081242d

SHA512
6bd344bce9ed6943a4ebd5840146218519a67a97f67600bc6eee0cc4c5ae6875321e03442f9a66b46eb482330d02b18c4de33dbb8aa980afcd599aa866c9ba75

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\9088

Filesize
15KB

MD5
39f86dbcd63911ea03194b9fa4ea1385

SHA1
7f2c236368b65357df57acdc5f54408ff8046c1c

SHA256
1cd9ea7d25b74df2ff1ac33ebfe3311f652fe2bf121c0e91181a0bf087c32ef5

SHA512
5093ba46a1f43d476bd077331102155f4ccb75239d428e0be68ba2eb83b4f904e2dec01f9737075f6ff8ccb2b11b7a63eac72daaf8ce199d35a1c0176c2a3183

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\4DABAF7EFACD377F68614B900873860C74399618

Filesize
220KB

MD5
050f74d52c9a4961be46847461a080c3

SHA1
5ca2b65f5467ad7c4a7d942793cae062df4e9cf8

SHA256
5591e3ab2b201747a780ac2dbc6e1643f5a56be16810d797b7b9b7f4e9722ee8

SHA512
f52bd3638bbac27bef84bef859ec078096fef11d901fa0c9fa66396e02f931581e7ca613af2e67f92744db08ab8c5b25089a3d89e39776c4f2cacc0a810a5878

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7B1E62975CB0D57BB69BF3D4686B0C7A0E9928B5

Filesize
70KB

MD5
5d9c04240d1772b50bc0e894f6e780d2

SHA1
a6569c275c55d318f69f5aa18f3ccb96d5906d18

SHA256
b12b2fc1c8139c28ea423aeaa2a555be62c0b03db34d8a45841799f9d423ed26

SHA512
458a847a83068a61b974efc97b676d5af901e7d4f7967243eab80812738f99aeebd4c67f5b3d3e7920f19af4505ae05d87f66a0821b7ab2426685a8e9befc2e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8A011D3FEBBDA9B9C46229715A74F1937B2EEC47

Filesize
60KB

MD5
b894a2b6b3fb9490f1eae7e1fc587831

SHA1
1241f5ae289934f5a2825162bccfdd2deb3086b7

SHA256
1a64614df92ed7b03c7d2ee49cd17c8b1919288c67ae02dc4083aa94286f0666

SHA512
03ecca62029e79352e44a24eafc4f3f6dcdc853b365c260f050ae0990445935496b84bdc0ef878803bc55c64508f852c29b4ada0400113246e758cb07430350b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
14KB

MD5
dbae6378420f1e7b71a310f55bdc7cdd

SHA1
e630ec8fcf305a4151b44dabc15ae83b0ab888c9

SHA256
efe92f395087b54a998a62566d6b39f75308cfbb9f691e1aaa1b7aeee93ef52d

SHA512
0c8e64bdbd89c5bdd1feb96e49dfdb78232e844433785627ff138da0a7e5fd33492d29ac6efbaa1edd46e1ab99fedb7ca958e6aab7565598411e01b05289584a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
9f3d86b1150807e997c9dc58f7d21ab8

SHA1
ab83ece044bb67981b688a37df42caab9566956e

SHA256
4cb88edb3957fe3cce6d7247e121801694a3f3925068808c62e92d8f174fccbe

SHA512
d3f3fff5b54ef7c271dfdf8637c715fdafd465de553506d86a965ae530aaa2e00fc2ad5b9493e9e23713fe4a973e25965504c3732ad92af52a37c6c0ca6ee009

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\5043758d-2f80-4bd6-84b2-70fa24e6a0c5

Filesize
855B

MD5
9383a76941dbcbc29b01e83d7120b511

SHA1
ed4240ecd59f482e8b5d3bd3f3314dd823baa146

SHA256
c8846c57f1e1075a493ac265479c8321f10301f9100db260577286f421b49ea4

SHA512
e1147c8e8be2d34ea6abcb54e9e7ccce788e6fc89311380f2fdf8c81aaee63be621e20df10a137edaaa752e8bfedb6e4b3b54646e4d4b821f54afd18f68fb8e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\69f24c46-be7e-487c-ad29-54d21323328c

Filesize
11KB

MD5
9c003a5cdb134056ec38e2a1ea1b2814

SHA1
6fcd1491ee2d1c730a2768f2088bed2704745ddc

SHA256
5bea6b97dbc86f99d52db9aaa1d33f9f35055ea6fe094bc4e91a2f68b3539505

SHA512
10c9d2b9beacb6305455a19ae6de0ee34d3cc38096c469cde99e5d328ded0a1be71fd60c8cd7c40d75ad75376d6466cfc8e29ca92173aed93dfbc296ed1d499d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\d10f4909-ccd7-41b4-a797-27b3f2676782

Filesize
746B

MD5
58a0f43e1ead23fe12dc46b13b9ac66e

SHA1
4b74d38db73a95cbb8875c12b586644adce2f05c

SHA256
7eb8192ff887d55e8500a32a0364e396d1ddd82f856203e60357b97469b5f534

SHA512
5e14f775625ef907d5b55601529b4fc214771f2fa4d7bc7556fba205d67a69113127d5669f6a30388ca43cfd8c4ae3c4d2a2d27154c00232f69a88384535e8a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\f5062699-79f3-4d8a-a4ba-cc3ccfc28af7

Filesize
1KB

MD5
a03048ea54290f24c097ac7cb7f2c106

SHA1
28848431f08b85ca972845dd1b2e0f1171b0022e

SHA256
a44f1fb9736af885524116e377b314c0b2118cd02a7d54da4ab476e144babbbc

SHA512
08e105d4b6b2a36b46e8320eb6c48c5d772e93974020fdc023b567af62c866e7f4478d426e62b2218e760b33b02bcda9212a14618cb9f707051e8e8f0761d81c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
42086ceeffd9e7664251eed764eec8e4

SHA1
fb4d050af05e5d39bf9a1c5d941e0b0f567d15cc

SHA256
e032270d014a49f3ce5e87aa04e603f00c972c3b76d315b24ab4a481b14ee8d6

SHA512
d43c2187769ed1e96201e6301fd458d2b2f5942144d126bc7effa40359d185be3c39ad09bebb531c6bb51a295c0c613c628b1f0b56a4f7983ba47ef517bb5033

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
7ec1f0ec413ee65be1247dfa217ef07d

SHA1
fc0aa679e797e28467790421d4e35e26c7cf07b3

SHA256
394f42c535e359e10e5599232c1f7377d5a58e13804238ada07f9abb0f0cbe02

SHA512
f751d697e1732055904b325e0cb1303fbad80f6e0051df80b86807fed1f6d8dd7585572d664a75d18b5ae5bc1f1de183bafe402bba8f37d998688e189ad85ca3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
b2733f3a6f13c7a0e28d13f0c41a9bdf

SHA1
6ff3e1dc0a15d48d26a839b9a13b8ccc4144f6bc

SHA256
029514822367bf3fbbddf4ef9bdebba6a1bad4f99c8af1466f6edeecb436b3a4

SHA512
8380619520cf229429e5b1cafa4deaf99b061eb68ec8a35d96e3ce1a9bbfb30a3b5b5338aebd0d0874957514692b95705b3ffc420cb9f829d9c9bd7d4f6c69be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
3a65e459b2d99754e2e2f472f837e757

SHA1
0513d610f05c347bcb9b982d0a8e9038ba76f1a7

SHA256
b0c9c30a34d08caeba7bcf395a3c34538502ea929a11bdf4d57f134a377d2cca

SHA512
91475fe457c8d60694d688978d64540e19742153096397a6c7d2f6c6213d85f32713ae3cbd8affdd3df3e5624a7c061f8bc893c4942b466813215daffcacdafc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
6a73b9b718eb0484b0f98890496a33ed

SHA1
227f47096f1dcd3c6c8b84843fa2fe0fef96fafa

SHA256
63c8101ddec3c6f483d3c30012b969717eef8803e3edf476026f720d304a41dd

SHA512
9b7d5721f5af22e869cfb92df3a79753904111095931d26a930636d201ee53d86946943e8b4bfc1481f8a99d3fe8f821c57b310ba539a97765fe36a90cec8650

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
b06e0801eca7b51785d4b02a0239204a

SHA1
5357726bff66f7b776050954378b0290b58aadfe

SHA256
026e6038f23e9bb7bd2950822b389951bd9a6bef3e5e505d4f20c62e9b914670

SHA512
19dd87e950bb59cd4c8313e5858b8f63533cfc5c00e08c61220427064c8e0ee25cb63915026de80001f8e1636145d6b7b51b35c835cd0734dfd95344d0e75255

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
57f47d372502315b31af416cd134a514

SHA1
1bbc585dd9295cef8abd00d4d31f48c9561e68ce

SHA256
b17deea52e3f673e26b22afb98f5707b42c7a1058bdf9306f6871fc5aef40258

SHA512
4219cc98a48f5161f35e55fa5f5301c3e3d6b3b25d40966d145e28a001596556e7910007d74770eff9019eebd065eeb3f72b247e75ff6d2dede99242b6cf42ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
770230880473130de268be6ff7ceaffb

SHA1
9d3b40ceadf92ed9ca42038823126c07e30705a6

SHA256
5fee86dbc67f08f17f778d0b39707b68dbbeaff8de172aac805c343366074103

SHA512
c883f796c1ec7a4f021357d0bc7e5f3725501ad7da4046660a678ab1b3e00553fd7926f380d5fcb2b9afcd61cff35bfdf01a2eca3995452ef08868a2863f65af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
b1e7e9a56f9c395dc82848b4cb545c20

SHA1
457fd9953d65cf02787c8fb23f3826e00f6fb98f

SHA256
ed82975f47d461011ae35ffe74438039566350a673e706afc340b037fb945a2a

SHA512
b03d94010064dece20664da3d4ee5ca405648c59513c46898a254ca46329b3f53c85f04d5b7c395535f00ce3adfa9fbb75a33320a7da6b408a2ef45846494ca7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
e10a6c0e9c31b5de9afc91c0323d9177

SHA1
a32a40808d2520ce15ba1cf24d678c3ef6045fc8

SHA256
3602ce3f2e6d9718d304936e00ee038073a915e3a867fd9158227404af74acee

SHA512
bb478202f04a67dee568d265b8a05744ecc1d2cd4e659d91beedc00c122d3ecbba664d3f5793e473201245fcd494635fcdf2b820219c1d0df8694ffaa0418b1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
4231826d68f17fba4a43413cf9310a95

SHA1
237b4d2e144aa86d4b763a44939eb10dc26253b8

SHA256
5fba825d9d3367822316935e301179d034596892c6e06a5930cf959ee536dc58

SHA512
f135133562d5069fe1e72114f4f733f501ee3a22fbacf8c35fb0d37562af2e529c4e42a761cc55027f821f022ac32ed12a5241d3475cb182c14d4f0dcc5857ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
6f1c01f5be5267075d4af81a7236ea3d

SHA1
77fa16f62ecde94c4dec12d3ebae94d0fd7c52b6

SHA256
de1a4c8fe22a8b7065dc283c246c199bea54cc28f67b198b62b7247b2d7c2a6c

SHA512
472ca65279d3dfb4bdb314c6fc30226d35022cb76f9bf3d57a360f34dbd18ab0c99506a2dd8643a801ae8a9140c81ea3ed0d7d978c8f0fe921c4ad96d3dea2df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
b6dd9854cfb73578435a999b40771c8c

SHA1
7bd57f8ca1465e3769d71e1898864e62a8c10805

SHA256
bc70bd3b2fbc4d56b519f5d559b30848f9ab32e7d147275def54441ffda4c933

SHA512
c057d6f257d95826b250a67d4345c894d449cb4445b1729a4473952e6c8c81ecaeaa778ab5e0706c02bc0c6fc23fcd4dd1041736c17ce60c0e153279397baaa1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
e24ac25cc98379db4f7668df1d34a74b

SHA1
db5d6d5d118ccf778a747c03c83a3a61f877f922

SHA256
10c0227f44b6e8b7efeec3f8c97fe8df199a21de85c2e6d0d477805eb2623010

SHA512
94c1e6cfcf04585aecf1bed91e08248016f9bfc0851a768f1793a1483b6f0b57c0cd5707c87bc7cddd7f55c37f9fd53f94a9c353ebfdd7467dc883990d0d1a4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
057862cec95a4c02aec5ca47655d90e5

SHA1
bf5d679f3a6caafdb965bb1fdd8c1bcbf14df523

SHA256
f8447cc9c0d717c19fa2d44bc10e3f626c9aeacb87cbffbbde1ea0f1e19479b5

SHA512
82564d6e9dfe339cfbc613b59a313beba565648fac25d3e39ba6838834cb41ffb11da78d1eb4b16bf3f113ac0ee5dedc2d47958cc024d2b81804f7d087c61056

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
16KB

MD5
43edc6f3cc46ee10d336881817ef765a

SHA1
cc7af9e8b80b97210f9fb42d8fd48a278dccec92

SHA256
2f7142325586ac1aec72bd3035437b36b20a10e93fd4b48f0f57ebfb7325fa79

SHA512
d160970591274442d6d81b8e9929d7e171a385bfb0739c28dd25219892a44106d5bad047df748d2a0c94fa964e538ef00782c6febdbad47c29c31479cd796acf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
692d5a27bd3a5286965914facab8160a

SHA1
2ebb98fed7ac7654cafaa3fbd9842d0c7e7934fd

SHA256
7900da9b0dc09772dc1143ba91099501272e5def1033c2847a7bc6e7bd5188d0

SHA512
0e897eb7f16ce5155431c658bd41dbf86fc869394211061d531007f3e931513cd8a805cc8956256bf0681357746475bb78fa90250b7e719f1362f3ac005afefc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
1fdc13de64cfdb8ba3fcd71aad9d33d3

SHA1
b7649cfd66d751435fa56a4b4b20daace452c692

SHA256
fa890605b23aecfebe4300d159f10096cfaba982a942c8ce829617b3de36a783

SHA512
3c9dc261a1f0a96d4433d60de03423d58f0bd63dbf5db48962372658103f16991f6da06c1670deea1e51efd2a15aae699d1d287ee377e0a457299a7dd9f691a7

Download Submit