hxxps://www[.]google[.]com/maps/search/Microsoft+Teams+Meeting?hl=en

Analysis

max time kernel
34s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/maps/search/Microsoft+Teams+Meeting?hl=en

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3556	firefox.exe
Token: SeDebugPrivilege	3556	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe
3556	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3556	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5764 wrote to memory of 3556	5764	firefox.exe	85
PID 5764 wrote to memory of 3556	5764	firefox.exe	85
PID 5764 wrote to memory of 3556	5764	firefox.exe	85
PID 5764 wrote to memory of 3556	5764	firefox.exe	85
PID 5764 wrote to memory of 3556	5764	firefox.exe	85
PID 5764 wrote to memory of 3556	5764	firefox.exe	85
PID 5764 wrote to memory of 3556	5764	firefox.exe	85
PID 5764 wrote to memory of 3556	5764	firefox.exe	85
PID 5764 wrote to memory of 3556	5764	firefox.exe	85
PID 5764 wrote to memory of 3556	5764	firefox.exe	85
PID 5764 wrote to memory of 3556	5764	firefox.exe	85
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5560	3556	firefox.exe	86
PID 3556 wrote to memory of 5300	3556	firefox.exe	87
PID 3556 wrote to memory of 5300	3556	firefox.exe	87
PID 3556 wrote to memory of 5300	3556	firefox.exe	87
PID 3556 wrote to memory of 5300	3556	firefox.exe	87
PID 3556 wrote to memory of 5300	3556	firefox.exe	87
PID 3556 wrote to memory of 5300	3556	firefox.exe	87
PID 3556 wrote to memory of 5300	3556	firefox.exe	87
PID 3556 wrote to memory of 5300	3556	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.google.com/maps/search/Microsoft+Teams+Meeting?hl=en"
1⤵
- Suspicious use of WriteProcessMemory
PID:5764
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.google.com/maps/search/Microsoft+Teams+Meeting?hl=en
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1928 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a586ff8c-48ab-4461-9471-d6336a47b309} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" gpu
    3⤵
    PID:5560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45c46201-902a-4701-b8ed-4d6d26cc1e0b} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" socket
    3⤵
    PID:5300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3052 -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 1588 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bcba6a1-e5fd-467c-9ad9-0e1426af5ee6} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" tab
    3⤵
    PID:6052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 2812 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20d2c674-29cc-49b8-8fb4-7676c44b222b} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" tab
    3⤵
    PID:5992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4716 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4712 -prefMapHandle 4708 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97069812-0427-4c03-a973-55369bf0a890} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" utility
    3⤵
    - Checks processor information in registry
    PID:3224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 3 -isForBrowser -prefsHandle 5548 -prefMapHandle 5552 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7026a4de-e7b6-4df6-8cb2-48e630dc7b36} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" tab
    3⤵
    PID:4056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 4 -isForBrowser -prefsHandle 5756 -prefMapHandle 5752 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bee4f185-ebee-48c6-a387-e3524e4f585e} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" tab
    3⤵
    PID:5464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5896 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5732 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {231805c8-feba-4edd-a9e2-76d2db714af5} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" tab
    3⤵
    PID:5600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\activity-stream.discovery_stream.json

Filesize
29KB

MD5
0c7fd42f2005e5652f36c94598263531

SHA1
0e02686919bba111cf5107b3b7dcc480ef6e843d

SHA256
e8d75b3ba933a89304bcf4523e4a3e01de0478003fa518fffcdfcc73865df13a

SHA512
cc29c4aefb2dd21bbf1936e2aeb240cd70ffe03be03ab29b27cac65edda1702b0807a52f31d5c822a679bf508bfed55f9da8ba26480c4cca76db6a3e32de4596

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\49E1A2441FCDA7AA9AD91F79E3F704AAFD461E83

Filesize
48KB

MD5
3bdc3bc317f127a1fac2b38450444838

SHA1
d01177a9246c1cb43a2e9f3fb36e4c13aa29e2ea

SHA256
d7f738cf8632db6a01ffab8c34c0c4ac20ad842527f33503aeb78374203b978e

SHA512
44d7ed9888b2f91a515b4943f7a0602e7a1a71efe2a419ea60e1d2b22090fae52c0532f97470a7703eaa2955c74ed4f85dfb4979c46c5bc2948ecb83879b8034

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.2MB

MD5
7b18457a3a67e4630742abfe0cb2eb60

SHA1
90871f50aaff38ab2f64a7501991ea414da8787a

SHA256
eaa364d93ce13e41eb0d42963d2c3af43714247da9b5e1062648af4a98b1d75b

SHA512
e8e85cd048a832fe98d3c07e1121d51f9749a9c39758aeb227301fb097ff6d29aca28f3017de18d2868eee53bf7c29a4de27e33484266f5203595eea06551938

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
6KB

MD5
a6aa968da934ef152c54d5ba498331b5

SHA1
b829c4ae0123d044787301c83222f864c96685e2

SHA256
dfa0b333f6fe8c26d7c23cd76929dad0910de425d94298cdcf2ce78716d03ad0

SHA512
8e36d2c532a0230947bf1f938eed4e77e0a5151c39e123913600d2d0405f2961ae7f7fa9d08db4b2526a40c0422531e79bbf7bc71798cebd425f2f48b6164894

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
10KB

MD5
fdece54890f05aade76cbf7ab62cacdf

SHA1
44980c7ced33a1208b736b1707acca04e62c8530

SHA256
c8283b0f8f2eec4e79cd043aeb02b62f46fb37128cc2547da1d43f87c39b939a

SHA512
8be8efa8e508c1dedc89f8db00b013c29ca098695c6e2658f161b5879d07e4193ffc9b34f0518a3041f780bc0cb4fcfc33eae20ecf2e7b0c3b423b8d61e1f06b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
13KB

MD5
a19357265e7c6f34256b137463342b6e

SHA1
7ef33235dea267d1c76e727908a2d4b810a4c690

SHA256
1d80329f687089049325124123a5a1ff6630d01e1a601a79a42dfa04ec4e4eda

SHA512
04b57c441ed3f4f98ce734498e431d3ff091693644e7aa9256db39a51044b46487be1152aeabfd4bcdc5fdea8977a863c7f9b04a66dc8d2bd4a759574d58ca7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
15KB

MD5
1f5c732396d51192cd5ac035ece50a11

SHA1
5f72abd96399e36dbe6d3ee9ccf4a6202b5e70da

SHA256
e92877b107b761bbcb30ad12daf0f9f837d34c5130ebac00ec1f3b94727700bd

SHA512
52a732421bffc4945ec561b7bfe03067e595d9364f29633ecc1489e4cd9a441fd07199187cd070e2977f05d80ba7863d8824d8fe14c8a405967f475ecde13903

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
18KB

MD5
3c6468463b83cb310f92b9924e21bebb

SHA1
55dc3e1f0129cd199fbb54ab2f59e8b10f2fd850

SHA256
fabdd423ab22d350f0d6513ae6c2144519c374e8b7ad0c8ca17646ca994c389a

SHA512
fb562388a6dbbda318a02ae3b90543dc06a74d8471355723ee71de88dd20a558d84d69ef8b76e97c15c239d58896e04ce40b570d3cfbc9831343ab85bee83b09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
21KB

MD5
90f87fc4161759abcd29000f80961acd

SHA1
8ded5ca69c2293ff9d36399173f98eda3c4a4f7f

SHA256
3b1fa033bed11b1053ca0ce6349537022025f74f205d2829b73a767fa5f07a9b

SHA512
5b660c1d58dcb52d2f1c694639607d8abf8a9ffae48101ae6da0459b8a2b5c5d053fe340aa8eacc0e02ac036bab06f47a938a1dac3762235e5baa5a0252c47a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
26KB

MD5
49371f11c9cc8689a10f267cb9d180d2

SHA1
f329ad2be59776015b295c70130d818c926fb879

SHA256
69991467066e1dc3535a47bfabed0a958c11d1b23073c210ba2bda1246a4c52a

SHA512
8c11671977cd1a8986e3c8cf347a85a7dccfde1481cdcf7d531fedaae43a960bb87e2e469e4f8e3860343bb758926ed41b9d56b4a0fa0ac0ca7cee5d4622152a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
00243930e3629f7c67a048d26fa59521

SHA1
8cc3db66e1e1600f37e5db735c7f886cfbc38cf2

SHA256
f6afa83899f3d9773c4d2e6b3ddf78c6289374f17aa05f572221bf7481e7550b

SHA512
bc4eaa49feef304d3313c820c52f0e623ebacc173f6805998b5c55fedede11d7ca4c88a414ba4bc2398ff69f2bb61216144960fe80081e27a7de2264a553a4cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
38b7779b5e8a4eae06a042e3b534be8e

SHA1
c8736411013a890ccd4568a1efc023cedd069aca

SHA256
c9414749a5f1ddb42cc7f5eded638e74e3c477dd289a01a6613733ae82e4d386

SHA512
ecda2ec71c51b6a8f5c52c7682486341730eeed1867475c2edf230c8b8aafc66af8fcc41f4cd9f95025aa98c019ef85b6b73f5d9adfd9f3341fc93d62df122ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d46c2b73ad2385a0a6213eebefda2969

SHA1
c64c08fb1028d4d20701cdc83b46a3d69d4ed6d5

SHA256
b790d26ab16c2e9f0455dd46033ff85c2d75f98a6bc374687d8b2dc0ce5e9197

SHA512
dea53fe2340b164769caebb38c4621925ff261c8d2f7c1d7864db5fa1de5720535a485e6dc4775422dd4a59024caaa95a82ccfddc4e49a1534d60eea235a00a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\4d90ac19-2c8e-4999-9efd-46468f307e55

Filesize
671B

MD5
5df624bb65b85c5338aa58222c2d9153

SHA1
58687f59be4a5fdcd7c614c3bca0cca0e213852d

SHA256
168571aa1b151801e8bd9cc1ecea493230face5b049f5a028503d0c8c2d67248

SHA512
7cd911061951e2c98be18b256a082bbc52037f49f559d05e9eb6b0a2cd048fa860c279ab9da8ae73795e3db0df638719e7fd10e5aad43c8f608c807b36167b28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\87adc239-1180-4dec-ab4e-d76ae29811db

Filesize
27KB

MD5
a65ee496adfd20f934f35f78fd69f64c

SHA1
e855821339a6730b80b4d85fb9986f34a8dee874

SHA256
97bd1b23a7a73bb83bd8b51c7e0aae2f485b47126fa70dfa296ae100a384ee0b

SHA512
a17b31e14fe0441f5d0c7d9d4dc542ea1127c4c77d2c18194a7281c96c829f6c466997fc3ddbbd7fc6098e52920360e86632e63575a6cc085cd959d97697ed21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\98d27388-518a-4c93-a5c7-17c934a81556

Filesize
982B

MD5
eefbe33906e2592d95fa013f1283d800

SHA1
9a4ff6c58e6688426b9acd0e21458a8f40d094a9

SHA256
57fd188988212bf20a59c587f01021e918e0f9586c1a59569105287d0c05b889

SHA512
ea0cb51377830df9bfcf35da857ee466ae17cfc877d0f5bfc574c8b8e3564f44f276c9c2d248ddcd775b49e6cf670ad95daeb0cfd2c72377580487259157f170

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
7.4MB

MD5
65ad544514a08349c2f80344d53f7695

SHA1
f865d43eb6da9ddbe64528772cb874bce7a8b668

SHA256
97bbcedf703fa7f1224a5d2b7e9b8ed7696fce8665750c94389e9e82bc8f1582

SHA512
a0f6fed6da7dad72f2cbfc3ca42b887cb4edcab7b91461691ca0e248a3f8760d85238169c4a2d89e10657044584ff39b1df51fd699cbdbb9fb8d5d0a436ec028

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

Filesize
11KB

MD5
1296fc763b905ba5e1ce6d5914a0dd02

SHA1
0c34bdd5471793410b250510a4b4085045c14af5

SHA256
37e65f973402fe690bfc037070f21098e99bcd294b6cf3b563b3c4988c30148b

SHA512
1a3b05cfa665e0c14af0500689701d9cc7ac4ad5c745d505d0ffd48c9a78ff5b8cae0c3de631e96b6a87ccd71415a9c80bce4d1f5da4f6c8509a436db0024835

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js

Filesize
11KB

MD5
89f65f7bc9727942c916019c4fe78ede

SHA1
9f6bac5a1425913f4231e6de20a8822f049114e3

SHA256
f1e05f809103d4c22bd8c906bba9080791d0cd14375059d51b6bb73646a6029f

SHA512
4bc2fe5e965e6f8c3a9756baf47b4b2effe2a5902198be647218684663c293c06552b27b240e3ec5196738a7efab232c05d13f4c2b94c645d246f6cb628b1151

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
3093a77ad59a0739504dde4088d7d3f8

SHA1
eb397ff4ac5d8c3a3ad0b955d18d2013fc29be41

SHA256
1f33e7bff59c09fa7a7a8c866a5c7b14ba93ef00f7284d5a3c30879a7b35e07f

SHA512
77d246b388cc1568c35fcb3f8a385cf06665220375506d0c21c05a084943f48b4b7851d8f39fb6e381bd44e1dc47cd2ae368d182231de6ddf0ad36e33a21a4c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
a189f92d14d5ddb0fd5ca892254188b4

SHA1
4bfaa34f1bf8141b7f135fe837fb38fdd60050f3

SHA256
268e69f8b71019289f38aa11e55094d42d890f84a2ba1c5ae6c17e912a1fa04b

SHA512
a3b1fb9df9d4eb7e612c0c2f523479e0b7eaa3c1eedd82be85172ad59bede077d23cac2c7d90026df0a09d254bb953fa50461c18932200b5df0c7c36629b123b

Download Submit