hxxp://gerritveldman[.]nl

Analysis

max time kernel
243s
max time network
225s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gerritveldman.nl

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1800	firefox.exe
Token: SeDebugPrivilege	1800	firefox.exe
Token: SeDebugPrivilege	1800	firefox.exe
Token: SeDebugPrivilege	1800	firefox.exe
Token: SeDebugPrivilege	1800	firefox.exe
Token: SeDebugPrivilege	1800	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe
1800	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 1800	1108	firefox.exe	84
PID 1108 wrote to memory of 1800	1108	firefox.exe	84
PID 1108 wrote to memory of 1800	1108	firefox.exe	84
PID 1108 wrote to memory of 1800	1108	firefox.exe	84
PID 1108 wrote to memory of 1800	1108	firefox.exe	84
PID 1108 wrote to memory of 1800	1108	firefox.exe	84
PID 1108 wrote to memory of 1800	1108	firefox.exe	84
PID 1108 wrote to memory of 1800	1108	firefox.exe	84
PID 1108 wrote to memory of 1800	1108	firefox.exe	84
PID 1108 wrote to memory of 1800	1108	firefox.exe	84
PID 1108 wrote to memory of 1800	1108	firefox.exe	84
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 3396	1800	firefox.exe	85
PID 1800 wrote to memory of 5008	1800	firefox.exe	86
PID 1800 wrote to memory of 5008	1800	firefox.exe	86
PID 1800 wrote to memory of 5008	1800	firefox.exe	86
PID 1800 wrote to memory of 5008	1800	firefox.exe	86
PID 1800 wrote to memory of 5008	1800	firefox.exe	86
PID 1800 wrote to memory of 5008	1800	firefox.exe	86
PID 1800 wrote to memory of 5008	1800	firefox.exe	86
PID 1800 wrote to memory of 5008	1800	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://gerritveldman.nl"
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://gerritveldman.nl
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1952 -prefMapHandle 1944 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc96dfac-c0e6-4aed-a5c5-1959cd6f1889} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" gpu
    3⤵
    PID:3396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2460 -parentBuildID 20240401114208 -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dfb3c6b-9a81-4b6f-8571-1df7b4cbe3ec} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" socket
    3⤵
    PID:5008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3252 -childID 1 -isForBrowser -prefsHandle 3264 -prefMapHandle 1400 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6343f970-c191-4669-b53c-49348d869beb} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" tab
    3⤵
    PID:3260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3860 -childID 2 -isForBrowser -prefsHandle 3208 -prefMapHandle 3804 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c704fb0-3829-4e6c-8f6d-4c6c822ad528} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" tab
    3⤵
    PID:3108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4416 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4400 -prefMapHandle 4408 -prefsLen 31165 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7675e50b-9672-4ce6-b976-f6534e821dfb} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" utility
    3⤵
    - Checks processor information in registry
    PID:5036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 3 -isForBrowser -prefsHandle 5464 -prefMapHandle 5460 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f549c9e-7123-446f-988a-181858b48c6b} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" tab
    3⤵
    PID:4928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 4 -isForBrowser -prefsHandle 5748 -prefMapHandle 3248 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91c79959-0d32-40d0-aef2-f6c74e38d538} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" tab
    3⤵
    PID:3340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5712 -childID 5 -isForBrowser -prefsHandle 3384 -prefMapHandle 3372 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ec71d09-c233-49f0-ba70-2a8d90e52935} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" tab
    3⤵
    PID:4860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3212 -childID 6 -isForBrowser -prefsHandle 3364 -prefMapHandle 3352 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb47bb4e-41bd-4276-8daf-5f3f30142e7d} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" tab
    3⤵
    PID:536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6360 -childID 7 -isForBrowser -prefsHandle 6352 -prefMapHandle 6348 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a93b1752-f546-4c4b-bcda-dc235056a751} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" tab
    3⤵
    PID:4544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6504 -childID 8 -isForBrowser -prefsHandle 6584 -prefMapHandle 6580 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90fc1143-f1e0-4ba8-a7e8-46f2ae32f257} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" tab
    3⤵
    PID:452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6152 -childID 9 -isForBrowser -prefsHandle 6224 -prefMapHandle 5720 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {832a49c0-68cb-4345-b894-91f0a57ad4df} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" tab
    3⤵
    PID:1168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
0ffde740de75cf5f27de29b662191f44

SHA1
c431386b47a5db1a1cc3bdf7061097676c0bc667

SHA256
4aba0c40f65f30f042c693c65fa3c7239a64995b3584a7c92463dc073514f97f

SHA512
9822ba3e0dcf56df862b6671f46e0c8254ff1bccd9a65d98636e9159f7d6d7013f5997e773c3ec384c6e9eea093c03ab9ae9da23812fbeac5255a4ccf9cd66bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\cache2\entries\892E2D465CBD767177A7D7AFDBE5BE96C621389E

Filesize
68KB

MD5
e42d21cf89f1211cbb90edfde7cecc59

SHA1
b245c80e3066a3e907efbedd972d105948b3ff8e

SHA256
638e6d96fbfb8a30144c1718750383f91ab06847b3dbcdf65b0618ec283a2640

SHA512
f7b7803e8589d063136a662ac048b85e47fddefa019f306930da112d620690827501b85c3c9f6eaf36a65b514e4cb3b3376c6d559b64cffe6ec2e1ee4b7dfef4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\cache2\entries\A1A59866B56D70E200F5E7D6E63B585989EE5668

Filesize
35KB

MD5
159def85c3f851b362be76f3096c9057

SHA1
e5ecc13c34155ce47e13d817a5ddf4136080669c

SHA256
0d20ea72d3ba98971fa25f1dac18c4448047a1a68f07e87b1ccdaa52abe7a4ed

SHA512
e547e51f7e0f12eb688d8c934b305a29e364aa4d58b6f67c7ebfaac9157d5e3ab15bc1096822c4cc88562d80f8f93545dca4e58144491bd1243936e2da3a3250

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\cache2\entries\A5633DA08833C966FDAA39D3CA7AEA3D5FBF647F

Filesize
19KB

MD5
c0426996317db13c3961c8cbeb555a5a

SHA1
3872d820b34ebfa876d8dabd5ceea11ee3b9cb81

SHA256
807cc89846ffda23e781360bda0f91d528423343dfa6fb01182dee921fad966b

SHA512
725978a02d27b80f667801db63e210e992651d12e2630040c62d0449d5ba3310b4c4f00fca01e9eeaa69ff24e00f5d23d710fe1b7416e218a5b2e1e5cc44db2f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\cache2\entries\E6616230174ABF1FD818AD5C93959076700260A8

Filesize
219KB

MD5
cd68ba55067c2958700cdf4f10362397

SHA1
569265fb23f64c8736636f5e3e7840f1d9f41ba9

SHA256
69bdbe20eb7d29f92a798d7123dc0e9dcbdfe3091c7455a431cc5e54c098e78a

SHA512
893fbd387bdda599f493f929e5490639c0a545a8de87a9cf3a4f31bddd3f831f3166c19670923f6f5bc057e3f026fcb7ae462703442ecb250749fabf9959971e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YNQOLTCNURJG7UW6YB86.temp

Filesize
7KB

MD5
65849bce1800f9b82ac785521c141e77

SHA1
af947ef0e27b5376d6e06472308d03715da85771

SHA256
2c98418283d6039c2e7ed2c009249a0668744c7635da0450e5debc2ab73bc5cc

SHA512
a5756227c9a28f9c05796c3d944f892de2e440d9a9a470e1d4a67cc94fe14e0917dd4dc8a9709f4e448613808e66ac8f70f11fd1c6dbf85fc7173f3db0507e75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\AlternateServices.bin

Filesize
8KB

MD5
481ca57a0980a9d0722bf75c334d94e3

SHA1
65d62ea5f0a70206d0f872066d189eba6639ca7c

SHA256
f211d721ef5a9a4f423156eec645594282e8efe3d99b4280013b7c2b89e26acf

SHA512
0dd615019530d03f65e8b38dcbeb159d5c32ffb490ce39275a5a67b564c9fda2e5fd14eac7a5ef54502fe883d1c75b3f3bd8b4e6a1a6ab50260685d76bf39e73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\AlternateServices.bin

Filesize
7KB

MD5
f4d1d474e3ae133287457c4a5eb67969

SHA1
c47df59189d76d3d4432404b642c18dd3cea8c6d

SHA256
c76272ade04ef2033c2e3a6b7e8fb62807d7d664feb96352819601e81685aebf

SHA512
e410e8b33447d589d756dc4980f7d9c5d3fac20795063c6420d3a2ca8c955abab66af6fd5a51d04a689f72966ce1fac70b06eb474a13d2b13149c3989ee340b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\AlternateServices.bin

Filesize
8KB

MD5
875aac0a179bb0ae20dae90f95233d56

SHA1
cc67ec083a5b27720a88e6af88807fb9f6c483fe

SHA256
97e854084eb10a270ac52b969bce6e51e4074892c17ea9379d5512730f9fc2d3

SHA512
87f163b72aee2f2aef7a497cc96aed7a81d05336548a5f72bf4bb986780e33557de22228771b4c3f6ad2c65ac296f824abe8e7e5be45e8ec16c53d8a4e688814

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\AlternateServices.bin

Filesize
12KB

MD5
faa507ffb295094f47a9af5789c3628b

SHA1
5605c9a0601d896d0630f3ccfc027eab0df00ffa

SHA256
4be72762296d155af7b9fd62731ac89850adbf0813948ef580b92aa0e9a8fd5c

SHA512
928a444d0c496f77877d5e4eae674ba3ee47b6c75e95cdd6792ac52512edf9a6ccce8e93364cdae771d06431b3eb551d75d28d9ae38b57feb81e1512f4e8b0a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d997b3b9b04d8f5772d420a77a2cfccc

SHA1
800d6f15b7c73c29a089740efb071c03a1ae61ad

SHA256
5f7f7888193b0379ace961c3e892ba0e859834437897e41af7a4d11364a4f9d4

SHA512
501bf9dfc9b4527aa13bf102dbe9a5501d93b046c93153e6297411e6a52ab48bbfd62a42796b00d98ec3decfecc2429879df49fcb9aa5ca1eac7c4ad429e7232

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\6b7abddc-8145-4237-82f6-3f9aea56acad

Filesize
982B

MD5
8eb326904936a1799b4d474e889be95d

SHA1
676533b82532814c520e0d7a81d556d41af5a903

SHA256
4288824587305f1d6d6cb1bfd6d2ab9afe40581cf5975033568c09e569f07261

SHA512
fa565468668b08a47eccaaae0453fe733408ccd522999c817fbe362f66c33bb4b729b9ca65ebffffa6830362ac0d9e96f6545a079c37dbf0fcb40402115f3a77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\85b99fd7-70c2-4543-b9d3-1cd54151aae1

Filesize
25KB

MD5
c5d050d16c3492ec59366971315ed6ef

SHA1
dff5ff0cb6072f0644ea8768aead869dae477670

SHA256
7757c743846654d2be2ca56a050973b75286aac67a994ac9a4b954f2ddc21ee2

SHA512
5e2b963e4448b68073495b952335aedb8d35cd75b70ea2e75f5e4446dbf5ac0dcc04dfdc7a7f7ac89cdf70e68ce7572ddb6b6983e816a4e96c825d87ba3430e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\aadd0822-c116-4644-ac79-540980d7146d

Filesize
671B

MD5
de077bfd7fc87e233c22dfe4c3aadfb9

SHA1
6b20a649784206b6734b48aae086b0f47aba5769

SHA256
3546e584626b960146d3379900b85833d2de0b4d7114f052cc7745ac77a40572

SHA512
bd76f828655e927df07b62579dcc9a256bf5d5c82f22582060b50308198988692669a8ae63ae88390445aec0e643ab2499567a76fe5ce86fa373b8afae20efec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs-1.js

Filesize
11KB

MD5
55f58c59fd8723b4c2ff1114bdf18962

SHA1
15579109d8bad44b002d2ae8d63425bdcebb8706

SHA256
705fe936a313a11f7a49c696c49af10cdab7d23e8be89e0d5294368eabb6b334

SHA512
1c9c464aefe887b643bb2cc7c4fa2f01434ff4834e0de91d5e8e8f1be19fa8238b465858b08d4319667297b600bf8ab94a8273fb461f3fef58dc3676193ee29f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs-1.js

Filesize
11KB

MD5
f64694e04372c4041df95a5e61771360

SHA1
53a96dae7ffaef4e8ce25381568e507bb99e9cba

SHA256
a17d55c8a0745a78a6a11d8806e0797151da5f161fe1f6b42147a5dd6913ac52

SHA512
054a55abddb96bb5878fb21aec32415fbc5635487b045419489494ea3ba3fc4462179be29a997e97d79c97ef6c924048b05c553b23b3d7b13551440e9385b2aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs.js

Filesize
11KB

MD5
77b63ea2abad5f2ea95887e1ec58d2a7

SHA1
606f3a05abf0f3b3ebcad6b51367baae4a322e9c

SHA256
5849702e4d2f58a4d4605075e4ee86f5690e639194661940b8e78ac29cca3a32

SHA512
60b558ea3d079067afae4068734997dd22125b499abafb72d97325ce9ecad9a233ae939f62a38dcb40b7dc9337746e298484749a675d5accf4f756f5f3b74d00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
2c3be8ae02ab700d9c84ecdb1db5b3a9

SHA1
e3901a79d5490b6219dfeaee152bec44aab569b4

SHA256
273a789468f6597fcc5637192a111153af6aa8125ef76aa97301ff51dc756722

SHA512
4f0cefe40070a7b192a27b3fb61b7eab019ad846420c79a42171e95701c90b5ffdc2c0d8e4f616bf86e504ed92df0c4631d1371c6fae6605fb4ed7c4217fcf1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
460225444a8a3020a78dc203e83268dc

SHA1
7a1b125d950a472757ccb5131838d71a0bcb56d0

SHA256
255feabab248515968ddaf4af17bcb6d0a5c5e314bcf44a510bce8fddc780d5a

SHA512
4dc54b48bf76a42a327cfe07c6767337ea1a901f8a9edd20503bff144a20136c70aa4361b4d05834df73ae747cf6d5011d54c1bfb63f176f0c2d788041122df5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
43ffb9cd66a9d691db7990e7fb6a288d

SHA1
dff2b59ec264c01e7fbc3b40df30232783ec0c64

SHA256
417c8b945f11b2125fae4cfdb6810ea9cc35b010152cec2f76738feb2fdcfd3c

SHA512
3f9048684f7ab3f22bd9d55ade49d3bd221468af96088ff1123de228e824eb53dc4703f3a4fa7121517224b23c1fa162e6c316382f29330714d83016674d80aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
2b9a50c1bbabfa4dc9b62e3030555d70

SHA1
0ac87134c1fa321a8266525916ee26663cce21d4

SHA256
dea70bbef10b2efba2972913da0a88db6f8ca2a0e304fd8bb06d407fbef9a60e

SHA512
941fe632b74bd3774d77bce06345dbfb350b49d1ad413f43aa0ae49f68db45bc25e61ba6bed3e748bbf31bfa5ee7a52ee27b6ba8e96931c7a1b783e45fc345e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
6af6f79a18df44d8b75fd213fcca5220

SHA1
9270519b43e61b2aeafb697ce54d75ecfb4d3e46

SHA256
728568446122e1f53401a4748874d72029348749dc306059f506fa01891a0e79

SHA512
14f5669e4e24214657244a368272b2b31702afd0e5dada7f122ca0da18930b3a80d34d399635d41f3a97593536d0295eb47f8ef44aa527ebcdda900d37b3133f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
8255860b8695fdfdc649901bfeacd605

SHA1
4bbe1c7df50480dbb3040ffbaa48e602a6ca2a82

SHA256
bec2d8281836c9ed3ee3515b5e471f378affbbe6bd69d0711aa9521d6c2a7559

SHA512
a7f3531c447fa53ebb8ed96ab5625b8ed2eb5c2fe840d895fcd1b1b3696cf5535c10ab1270d251f95c8bc0c75110a8341771184092c19e8ed2ae96791c5d85d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
436c473244bf00caaf0b188ee77d7ecc

SHA1
e0e687544a6870cf1c03e91430a9efc6eba76f14

SHA256
10816ed5b9dbb7972bedfd6dbf959e19b888a67b77353dcf2304396068fb23cd

SHA512
8fac6a64c95311fbb1eeeb81c860180ddd2f0d362a1224ad6e608bd3f34eef19f5ef35d2c4a3fd631ed64be9c8624e39ae1f2cc72e305c417df09a1621995209

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
f3a4d248c009772946c8aba289cd34cd

SHA1
7764526bb3f5461bd83e9c6119a8bafe3e1795be

SHA256
367515c0799bb4f83085601fcba92e927d1a3b632e3f732a9e0a8c94587c4fa2

SHA512
5c43687d8500fa36f705e2afec2e813da8ccfb2334bf0c106c21cf060fada1b2c11e49ae1b8c06d5ccd6f95bc7e2a060f9ac72bdd4207c5149dede7a523303dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
d14d161cc99d65fdef0d9f35fcf8582e

SHA1
32a2fd1205a73474988b6a63b6d2f812cbc35f5c

SHA256
945c8764bee1ae5757c1946f2016800b2c33efa7806c9589d291c98f260ece07

SHA512
d95b1f78cc7cd153ad367d5bab8ebe65dd75df3ec9d68e1dea25ef06812eee5ffe94d109c63111f5cb354964f944d83f7bcb70a20ad37049c0d523c3ee63f8f3

Download Submit