hxxps://alamanaschool-my[.]sharepoint[.]com/[:]o[:]/g/personal/faridhajahan_kg_amanaschool_com/EkvySDvSUDRKllTFCCUN_F8BJy7hmsNTlAvS5L9uS1Bdpg?e=GX0vjb

Analysis

max time kernel
64s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 09:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://alamanaschool-my.sharepoint.com/:o:/g/personal/faridhajahan_kg_amanaschool_com/EkvySDvSUDRKllTFCCUN_F8BJy7hmsNTlAvS5L9uS1Bdpg?e=GX0vjb

Score

4^/10

link pdf

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
behavioral1/files/0x000a000000023570-508.dat	pdf_with_link_action

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\siteproject0983.pdf:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2572	firefox.exe
Token: SeDebugPrivilege	2572	firefox.exe
Token: SeDebugPrivilege	2572	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2572	2228	firefox.exe	85
PID 2228 wrote to memory of 2572	2228	firefox.exe	85
PID 2228 wrote to memory of 2572	2228	firefox.exe	85
PID 2228 wrote to memory of 2572	2228	firefox.exe	85
PID 2228 wrote to memory of 2572	2228	firefox.exe	85
PID 2228 wrote to memory of 2572	2228	firefox.exe	85
PID 2228 wrote to memory of 2572	2228	firefox.exe	85
PID 2228 wrote to memory of 2572	2228	firefox.exe	85
PID 2228 wrote to memory of 2572	2228	firefox.exe	85
PID 2228 wrote to memory of 2572	2228	firefox.exe	85
PID 2228 wrote to memory of 2572	2228	firefox.exe	85
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 1088	2572	firefox.exe	86
PID 2572 wrote to memory of 2568	2572	firefox.exe	87
PID 2572 wrote to memory of 2568	2572	firefox.exe	87
PID 2572 wrote to memory of 2568	2572	firefox.exe	87
PID 2572 wrote to memory of 2568	2572	firefox.exe	87
PID 2572 wrote to memory of 2568	2572	firefox.exe	87
PID 2572 wrote to memory of 2568	2572	firefox.exe	87
PID 2572 wrote to memory of 2568	2572	firefox.exe	87
PID 2572 wrote to memory of 2568	2572	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://alamanaschool-my.sharepoint.com/:o:/g/personal/faridhajahan_kg_amanaschool_com/EkvySDvSUDRKllTFCCUN_F8BJy7hmsNTlAvS5L9uS1Bdpg?e=GX0vjb"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://alamanaschool-my.sharepoint.com/:o:/g/personal/faridhajahan_kg_amanaschool_com/EkvySDvSUDRKllTFCCUN_F8BJy7hmsNTlAvS5L9uS1Bdpg?e=GX0vjb
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1ee4d3d-52d5-478b-a1af-b9ca7740800b} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" gpu
    3⤵
    PID:1088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2532 -parentBuildID 20240401114208 -prefsHandle 2508 -prefMapHandle 2504 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d0a2885-6868-44e9-a45b-de493bb786b2} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" socket
    3⤵
    PID:2568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3184 -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3108 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7e85e2e-cf01-49ec-bbd9-308a27acb1a2} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
    3⤵
    PID:940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3668 -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3656 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2c663ff-bbdb-43d1-bde7-10abfb608251} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
    3⤵
    PID:2760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1796 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4300 -prefMapHandle 4296 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad803022-b31e-43b0-b5bf-c098b2c35401} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" utility
    3⤵
    - Checks processor information in registry
    PID:3156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 3 -isForBrowser -prefsHandle 5312 -prefMapHandle 5276 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {695035fe-777a-4f3a-a37b-99faecb36ae3} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
    3⤵
    PID:4136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5560 -childID 4 -isForBrowser -prefsHandle 5480 -prefMapHandle 5484 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b5fa21e-31f1-4eb9-8bc7-229d63b3752a} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
    3⤵
    PID:3044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 5 -isForBrowser -prefsHandle 5672 -prefMapHandle 5676 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6af2569a-10b2-44ae-861f-54eecc961544} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
    3⤵
    PID:3344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 6 -isForBrowser -prefsHandle 5520 -prefMapHandle 6032 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d3b9f7e-9fe4-42a8-9762-dc4fd11fb39b} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
    3⤵
    PID:3844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6344 -childID 7 -isForBrowser -prefsHandle 6496 -prefMapHandle 6492 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0765e435-3bb1-476c-b606-30310f62f937} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
    3⤵
    PID:3788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6764 -childID 8 -isForBrowser -prefsHandle 6676 -prefMapHandle 6732 -prefsLen 29318 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb4ccffd-18e9-4621-ac04-edfe591df3af} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
    3⤵
    PID:5704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4148 -childID 9 -isForBrowser -prefsHandle 4248 -prefMapHandle 4116 -prefsLen 27959 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11b74383-ed4e-4c03-9b07-11d12c0197a0} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
    3⤵
    PID:1484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7188 -childID 10 -isForBrowser -prefsHandle 7196 -prefMapHandle 7200 -prefsLen 27959 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61b96bd8-bdca-4d04-9e6b-1a9beb745154} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
    3⤵
    PID:5080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
4306ecf20dd6cfdb780ef1565066380a

SHA1
51b0573ed942f1bb296d2ba5330138d63d5d6688

SHA256
4b4a1069aa38cfab55b863afe5c1082fbf3d7e5b897f5d70e935f37c3c55ba55

SHA512
1439a50667d4257550b3ed5ad5db0bdc5559caa2aace5e0cc89d5afc3d48c35bde13ef395682e8dba49e78623ead5a2fd1f8c40673d593bd9774903fce7adb36

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\AlternateServices.bin

Filesize
7KB

MD5
dd8a4f70fcf2dfd49a56d74186e81e53

SHA1
824816ae89809ee0ec98cee3901de06998b5f53b

SHA256
8f5dd7446498ec1b2a7ce5e3556639fc2300b19ca8160a286105e7a927605185

SHA512
c5684907c27b52155c9bd55fe2e81e0737de3abd1b40f4c27442b30ac7c4a3ff2e3a717f775cdcc9fdd10c1ed3b7cc4ffd42b9d3a10c026de4b00a5d5e24b7e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\AlternateServices.bin

Filesize
12KB

MD5
3d269622d35a1b8e3e308bd4558cd482

SHA1
d0c244cc4ddacc3e40f7e796bda7a60ac5f55a03

SHA256
90818a1275662c3c74efee88e3e3eaf532043ebecc8b1fa9d0c3a6ea77366a63

SHA512
4507a494d252e737411bb6ba7dba16d8bcc275aa2b907ddf4f3c4783d53c9831519b98dfa4c1579c9541f48b650b2eb30c818bf22472743014845cc78e924ae9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
65aa8350a478815f6bf3b03eaf8d5558

SHA1
95076b51d5f364003e6fe959fb5cb9c7f8a3ecf1

SHA256
ae532908385c194dbf38fc54a461068f9e263279832e403394902d7a7d42c5e7

SHA512
cc93c9d3f9801585a7c138462e64548e2a9675bfcb45218ae17cdbd77bbefe0a81f8c2635800c5fe72a8a7e8a9efeb8ba8b660be2c78f277dce8ff9f0ccdbe02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c5f0b0e6b77ee4b573f13e6e4dbe3b29

SHA1
96c87c46b19dede0724eb5901c7de1fc78987565

SHA256
a9a52da2ab523c749a1ae0e1d89d83932cc0b2696c8eb84bf7ee0a8443e9243d

SHA512
bbad32a26719a9e90682492dce9969e147506f6ebc6c480e326dcd8830eeabb271b60600b570b83c794652679203df5199534101b966bb3e2e592dcdba936e09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\28d9bf5e-b1f2-452c-bde1-88810ade3f79

Filesize
26KB

MD5
a5efec27fc7b6d31882c3442b83ea091

SHA1
08683a98e63a883fc9722c64cbf724a6d397cf6c

SHA256
d9bf2154e001aad3c7af01fb9485d5f45ed6e1eff25b8b90a7ddaf8df519e5b9

SHA512
b0ac5a8e920d0256f66edf8383ea9c4a31aebfbcab7ce12e83456b70d3bd09dddc00d6d3066e57f9714b157a91ad0a5b0cdc4d0157e6d31eaf4ffb76e2c77b67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\41342364-05e3-4650-a98f-cc519a3cbf2e

Filesize
671B

MD5
4532c1fed13b12dc18be5b4c4c0f325a

SHA1
f3224a013d8d1a0c503c13d41f6fe0dcb4f9dd6a

SHA256
36bb5734b280c48f6b11c08a89d1645b1c42a8bab3fd4fe3b40f1279f9dba8a3

SHA512
461b075646d0c2ca8e7dac86642d3b0b21b009e3bfb5ea3b886240a8d83d09aae0c703f70396ad8e78bd1747b4581120ec730e2ef3238bb8b54573b646cce0e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\ed57e69e-2e62-4617-9d81-fa6524748263

Filesize
982B

MD5
53161420282609442deb3327b792f7c5

SHA1
1a159627052b0c23a27e46e30a97fd5ba21effb9

SHA256
c553552c7e71091b96db62571bf1a95019caf2b0eca93ada0e2910328dcf928b

SHA512
895535d3449d64bd6269cd53c9c5653316ce6f164b46911d2091bb3548d3dbd2c2b5a812e1691de50dc5d56bb68a932a551e6d8f9ad808c8128e1e21a2ac6c7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs.js

Filesize
8KB

MD5
aa234aa7c4ba4540a04a23c17cb93ac1

SHA1
f39a19204ca5abfa69d9feff305b0e29d68b7c16

SHA256
673f5d9e30425599a0bea0dd03352f2989dcf16ef76e744dcb5d28a616a54f16

SHA512
7fe66edf8abc9ff1e8ee199ba8c993b2f8192ff312c24d864c17f387d6069d3c1669214dbd0633c59c9de5c70355429052293f4e21d66707c24e9eba5315674c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs.js

Filesize
10KB

MD5
8b3dd191ffcc61db1cfd39413d8ba4fb

SHA1
dc8d67fabdaf61d702ecbffae19c7d7831c496fe

SHA256
829b0c32b9ad7dd2569e7ab635cb3c1c6b7a133a6a667bd0c09a744d07cc912c

SHA512
4275d561115586d455751449c93d3161c445eeb32c725c4620f4606834658690cfaeba7751336a56f29edda284771964356f7c5b4d891aceefe6d5bf054da2ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs.js

Filesize
11KB

MD5
103bec2bbc9c44c9e4daf0fd74fcf120

SHA1
bb7c654c4e9be58ab8fa56fa9b9daf8e95ddea6b

SHA256
8c6fda19bdc5298896dbaf4ae956618bb2385f221b8ba51318d64430698216dd

SHA512
0bc16cf29289549bb0d456444ec9f1026955ed396bd9ccfb4346cab30bff9f38234e11f9c59c1dc9d641f30d5c7648f2d049c121c5e0e5884517e255d1c32b92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs.js

Filesize
10KB

MD5
7f0c389454a495bb4d2a6a903eecafd1

SHA1
6299b4f8904abc8abb937304d283587cf3437bb9

SHA256
d03dc32a0e9a55fa21274eab388e544b27b100412841fbbd79f7b363aa67812b

SHA512
5b1b4831330d058e055ea28da85d78051fdd40cc17f5c907ec32019d6a8a5a3c8abcdfb78f1b0d9e9c779c0a3b50fe250208e2d5beacb103d9cec894bd8d1377

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
f462b9a8e89fecd79dd9a0237c819cd2

SHA1
39133512f6a2136df79ac92aeec658619aec2a02

SHA256
21329b4d80389a5fcc46e307553d8db0f9803484694e7725b1dc954658a6431d

SHA512
1f4ec00d8b2bc8108d78367e0119d0967d48ce8eee01baaf600bd78491ac4a59dfc5ebf887ae328ad67ea8fb7a118073535a351ee43719c5d5ce0c99749ed156

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
a30d3e1de04d91e352f9b2bd0390168d

SHA1
70abb818c2250acae8d97ac4107eb1f4cd102886

SHA256
9544412c19bdd80788abf56d50da502fc6e17bdaea597a53852bdb408df77b9b

SHA512
c0ba0adb173af0e290455947b2dfc8807c80d93e6bb00c99802631815e227a689be316718b2ceb7bc0fa2af7143bacf9cb13ff082284ae6ea417761fc6246899

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
b406e2e5ae4f8c7e4287e0ec27bbcba8

SHA1
b7c2e24847ce4276d8340097b31b25f739f03d78

SHA256
3e6f31155cd31b9e81082f623350fafc1d285362a8301b0ee30aff1549c954d1

SHA512
63f168d6eb5c315b2560981831494d4090a5fef0ea4af42031a1ddec06cb9d2918efd5a463613390f0eb640f6d2bfd2fed7a68ba9ae586f82a5f92d345429bcb

Download Submit
C:\Users\Admin\Downloads\ryLXcIzJ.pdf.part

Filesize
61KB

MD5
06e88a43e976ecfcc6cdbfa244af5c01

SHA1
d3cb86807e54e268dece79293dd4ec1e0fdb8ac4

SHA256
a28fc03e8c9313df983528025baa6bf0aca3f9bfcf53698c0a29bc35a60e847e

SHA512
83ad9e4b51a8a28e7e21fdf7f7e62804b5b8eac0f7ff3f98233ddd7fc58ac3d04a6828b1dc04dab1d1bf87d560eacff03487cf56e6834795809a93daccc51e7a

Download Submit