Analysis
- max time kernel: 1661s
- max time network: 1503s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08-08-2024 16:55

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: https://lnky.ru/sd0dr
- Resource: win10v2004-20240802-en

General
- Target: https://lnky.ru/sd0dr

Malware Config

Signatures
- Credentials from Password Stores: Credentials from Web Browsers (1 TTPs)
  Malicious Access or copy of Web Browser Credential store.
- Checks processor information in registry (2 TTPs, 10 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: firefox.exe, firefox.exe, firefox.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
- Modifies registry class (1 IoCs)
  Processes: firefox.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | firefox.exe
- Suspicious use of AdjustPrivilegeToken (7 IoCs)
  Processes: firefox.exe
  description | pid | process
  Token: SeDebugPrivilege | 3740 | firefox.exe (repeated)
- Suspicious use of FindShellTrayWindow (21 IoCs)
  Processes: firefox.exe
  pid | process
  3740 | firefox.exe (repeated)
- Suspicious use of SendNotifyMessage (20 IoCs)
  Processes: firefox.exe
  pid | process
  3740 | firefox.exe (repeated)
- Suspicious use of SetWindowsHookEx (7 IoCs)
  Processes: firefox.exe
  pid | process
  3740 | firefox.exe (repeated)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: firefox.exe, firefox.exe
  description | pid | process | target process
  PID 1320 wrote to memory of 3740 | 1320 | firefox.exe | firefox.exe (repeated)
  PID 3740 wrote to memory of 1880 | 3740 | firefox.exe | firefox.exe (repeated)
  PID 3740 wrote to memory of 3856 | 3740 | firefox.exe | firefox.exe (repeated)
- Uses Task Scheduler COM API (1 TTPs)
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes
- PID 1320 (depth 1): C:\Program Files\Mozilla Firefox\firefox.exe
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://lnky.ru/sd0dr"
  Signatures: Suspicious use of WriteProcessMemory
  - PID 3740 (depth 2): C:\Program Files\Mozilla Firefox\firefox.exe
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://lnky.ru/sd0dr
    Signatures: Checks processor information in registry; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    - PID 1880 (depth 3): C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1928 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59155a6b-53c9-4fe5-b865-1c5c80f79ab0} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" gpu
    - PID 3856 (depth 3): C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fc10e39-54f8-40f9-bd57-683e4b4cb569} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" socket
    - PID 4288 (depth 3): C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {060e079b-f987-4ac7-a086-66cf0cf9640f} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
    - PID 4312 (depth 3): C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2584 -childID 2 -isForBrowser -prefsHandle 2736 -prefMapHandle 3592 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e42aaa6b-6c7a-4fde-8333-6954674cd63e} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
    - PID 1712 (depth 3): C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4512 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 1548 -prefMapHandle 4344 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5957ac74-509c-4e86-84b3-e8501e99f822} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" utility
      Signatures: Checks processor information in registry
    - PID 3992 (depth 3): C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5336 -prefMapHandle 5296 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8c86e2d-491b-4a1a-8f76-70efa0e3ea5c} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
    - PID 3604 (depth 3): C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5576 -prefMapHandle 5572 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52144a84-86ed-413e-af26-65444cde23c9} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
    - PID 800 (depth 3): C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 5 -isForBrowser -prefsHandle 5480 -prefMapHandle 5728 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee006b9f-2ed3-48ac-b166-ad17cb6c04bc} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
    - PID 4872 (depth 3): C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 6 -isForBrowser -prefsHandle 3188 -prefMapHandle 3140 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab6ef0dc-cc25-4178-81a9-ac5fb7d76944} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
    - PID 2440 (depth 3): C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3188 -parentBuildID 20240401114208 -prefsHandle 3156 -prefMapHandle 6036 -prefsLen 29278 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ead29a17-4b60-4b35-8029-9eeb0d02dba5} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" rdd
    - PID 4816 (depth 3): C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6064 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6076 -prefMapHandle 6056 -prefsLen 29278 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1587ae39-6400-4145-94da-c0502bac519b} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" utility
      Signatures: Checks processor information in registry
    - PID 4564 (depth 3): C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4628 -childID 7 -isForBrowser -prefsHandle 3788 -prefMapHandle 5172 -prefsLen 28006 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83ce5661-4c7c-40fc-8d2c-a4445c5a6cd6} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab

Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\activity-stream.discovery_stream.json
Filesize: 20KB
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\activity-stream.discovery_stream.json.tmp
Filesize: 24KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7GBDECYECTP2GSDBJ1Z5.temp
Filesize: 13KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin
Filesize: 11KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin
Filesize: 13KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\bookmarkbackups\bookmarks-2024-08-08_11_UT4wYQLgjY-3vFiWOpYIog==.jsonlz4
Filesize: 1012B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 79KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 79KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\0b00ac54-4eb8-4860-b468-17819a0fac19
Filesize: 671B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\96795047-9b11-4cb7-9308-517d8a8b8456
Filesize: 982B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\fa11c908-4ef8-43a3-be63-8a455e88582e
Filesize: 25KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize: 1.1MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize: 116B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize: 372B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize: 17.8MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
Filesize: 40KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
Filesize: 43KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
Filesize: 1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
Filesize: 43KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize: 592KB