hxxps://email[.]email[.]pandadoc[.]net/c/eJxUkE1v1DAQhn9NfMvKHsdOfPBhYZtDEagsh1Iu1XhsN2Y3H0q8H-TXo60o0Nur0TyjeV5vnZYuNsyPdOrDkJ-Tt-vhc-7vm8duv3Xfu37d1uG-1SxYUYNqjFFcs846Hz0KbohqYxrFXS0iKS4NF1VFUrNkgUPFDTdCS1HpTRCKA3qNsQY0noqKhx7TcTPh4NGPtBlCZml5zjNSQHcMNs-nwI62y3laCrktoC2gxWn6h9DYF9C-vV9Ae4ZCtnk8hKGQuwBece294kANSMdJcB-j9ND44Kl-jbKOhWzZMOYUE2FO43CrwRmFqIQqnWiorAhEaQhiCRo8xBpqajQb5xcc0voXglP_JXbrYdte6-y-4oe78PTwkc126NEnn5ZUVPx4wRJn6lIOlJebApvDOS1_bjydfy5jvoPO6SzdJ1wndd23LNs3y_9imXF-Ce8my23jbIFdxvmwTEjh1eZxd7le5Q9Q8_5hZ9y3Xw4vw-8AAAD__4s8qHE

Analysis

max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09-09-2024 21:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://email.email.pandadoc.net/c/eJxUkE1v1DAQhn9NfMvKHsdOfPBhYZtDEagsh1Iu1XhsN2Y3H0q8H-TXo60o0Nur0TyjeV5vnZYuNsyPdOrDkJ-Tt-vhc-7vm8duv3Xfu37d1uG-1SxYUYNqjFFcs846Hz0KbohqYxrFXS0iKS4NF1VFUrNkgUPFDTdCS1HpTRCKA3qNsQY0noqKhx7TcTPh4NGPtBlCZml5zjNSQHcMNs-nwI62y3laCrktoC2gxWn6h9DYF9C-vV9Ae4ZCtnk8hKGQuwBece294kANSMdJcB-j9ND44Kl-jbKOhWzZMOYUE2FO43CrwRmFqIQqnWiorAhEaQhiCRo8xBpqajQb5xcc0voXglP_JXbrYdte6-y-4oe78PTwkc126NEnn5ZUVPx4wRJn6lIOlJebApvDOS1_bjydfy5jvoPO6SzdJ1wndd23LNs3y_9imXF-Ce8my23jbIFdxvmwTEjh1eZxd7le5Q9Q8_5hZ9y3Xw4vw-8AAAD__4s8qHE

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3596	firefox.exe
Token: SeDebugPrivilege	3596	firefox.exe
Token: SeDebugPrivilege	3596	firefox.exe
Token: SeDebugPrivilege	3596	firefox.exe
Token: SeDebugPrivilege	3596	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3596	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 3596	2032	firefox.exe	80
PID 2032 wrote to memory of 3596	2032	firefox.exe	80
PID 2032 wrote to memory of 3596	2032	firefox.exe	80
PID 2032 wrote to memory of 3596	2032	firefox.exe	80
PID 2032 wrote to memory of 3596	2032	firefox.exe	80
PID 2032 wrote to memory of 3596	2032	firefox.exe	80
PID 2032 wrote to memory of 3596	2032	firefox.exe	80
PID 2032 wrote to memory of 3596	2032	firefox.exe	80
PID 2032 wrote to memory of 3596	2032	firefox.exe	80
PID 2032 wrote to memory of 3596	2032	firefox.exe	80
PID 2032 wrote to memory of 3596	2032	firefox.exe	80
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 4072	3596	firefox.exe	81
PID 3596 wrote to memory of 1408	3596	firefox.exe	82
PID 3596 wrote to memory of 1408	3596	firefox.exe	82
PID 3596 wrote to memory of 1408	3596	firefox.exe	82
PID 3596 wrote to memory of 1408	3596	firefox.exe	82
PID 3596 wrote to memory of 1408	3596	firefox.exe	82
PID 3596 wrote to memory of 1408	3596	firefox.exe	82
PID 3596 wrote to memory of 1408	3596	firefox.exe	82
PID 3596 wrote to memory of 1408	3596	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://email.email.pandadoc.net/c/eJxUkE1v1DAQhn9NfMvKHsdOfPBhYZtDEagsh1Iu1XhsN2Y3H0q8H-TXo60o0Nur0TyjeV5vnZYuNsyPdOrDkJ-Tt-vhc-7vm8duv3Xfu37d1uG-1SxYUYNqjFFcs846Hz0KbohqYxrFXS0iKS4NF1VFUrNkgUPFDTdCS1HpTRCKA3qNsQY0noqKhx7TcTPh4NGPtBlCZml5zjNSQHcMNs-nwI62y3laCrktoC2gxWn6h9DYF9C-vV9Ae4ZCtnk8hKGQuwBece294kANSMdJcB-j9ND44Kl-jbKOhWzZMOYUE2FO43CrwRmFqIQqnWiorAhEaQhiCRo8xBpqajQb5xcc0voXglP_JXbrYdte6-y-4oe78PTwkc126NEnn5ZUVPx4wRJn6lIOlJebApvDOS1_bjydfy5jvoPO6SzdJ1wndd23LNs3y_9imXF-Ce8my23jbIFdxvmwTEjh1eZxd7le5Q9Q8_5hZ9y3Xw4vw-8AAAD__4s8qHE"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://email.email.pandadoc.net/c/eJxUkE1v1DAQhn9NfMvKHsdOfPBhYZtDEagsh1Iu1XhsN2Y3H0q8H-TXo60o0Nur0TyjeV5vnZYuNsyPdOrDkJ-Tt-vhc-7vm8duv3Xfu37d1uG-1SxYUYNqjFFcs846Hz0KbohqYxrFXS0iKS4NF1VFUrNkgUPFDTdCS1HpTRCKA3qNsQY0noqKhx7TcTPh4NGPtBlCZml5zjNSQHcMNs-nwI62y3laCrktoC2gxWn6h9DYF9C-vV9Ae4ZCtnk8hKGQuwBece294kANSMdJcB-j9ND44Kl-jbKOhWzZMOYUE2FO43CrwRmFqIQqnWiorAhEaQhiCRo8xBpqajQb5xcc0voXglP_JXbrYdte6-y-4oe78PTwkc126NEnn5ZUVPx4wRJn6lIOlJebApvDOS1_bjydfy5jvoPO6SzdJ1wndd23LNs3y_9imXF-Ce8my23jbIFdxvmwTEjh1eZxd7le5Q9Q8_5hZ9y3Xw4vw-8AAAD__4s8qHE
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1924 -parentBuildID 20240401114208 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {723287b7-1e6b-4ab7-a79a-30dace256f53} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" gpu
    3⤵
    PID:4072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2344 -parentBuildID 20240401114208 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49b32d7e-137b-4a0d-b288-6ca611667d98} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" socket
    3⤵
    PID:1408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3380 -childID 1 -isForBrowser -prefsHandle 3424 -prefMapHandle 3000 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94ed45f1-9785-4f88-acb8-cb5de453e6bb} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:1440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3348 -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3656 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20f44633-b8db-4b83-bb4e-b6c40b69bc1c} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:4024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4664 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4784 -prefMapHandle 4772 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b04c09f8-3e16-47eb-b0fc-5571454ed5ff} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" utility
    3⤵
    - Checks processor information in registry
    PID:948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 3 -isForBrowser -prefsHandle 5304 -prefMapHandle 5300 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aab98aee-f331-4999-beff-378c9f5816d8} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:5056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -childID 4 -isForBrowser -prefsHandle 5580 -prefMapHandle 5528 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bec4a7e1-8854-4e7a-9215-fa4aac40e301} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 5 -isForBrowser -prefsHandle 5732 -prefMapHandle 5736 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e91179d-1fdd-4482-91f1-cdaf1dc41720} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:3052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5924 -childID 6 -isForBrowser -prefsHandle 5928 -prefMapHandle 5932 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca2b1f3b-ab65-4805-9da9-d491276d7744} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:2064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6200 -childID 7 -isForBrowser -prefsHandle 5732 -prefMapHandle 5736 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1316f8b6-4a00-4866-a649-1b851192db82} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
9cb630c2b2461d99e1cfca6e1e6fd0c4

SHA1
43b65f0da80e3ec9349baaf1b1073f5354148bcc

SHA256
ea1ddbcf6c901b891c02a194dac19a4b2c4c2dd5ff6af79791a3bcad815e5af5

SHA512
9a0a7e5f94bfc97d9da716aae0ba211c097ecb78e3d9b5154bf80178bba08c681bfd67046283a0c593b0e623b9c50d0e4dac3c815aed64edcc6a656bc2530cd0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
7124c62e3f262ecf530382c1112b4f70

SHA1
43972e87b0f8044b05d0e94bd995f0ef38437469

SHA256
c07fa081b5b03db805ef3abfeb907c8a733170f9434c91583033d78688a7c950

SHA512
b0239938a3268d1850f24e8cf4a1404dd60ecd16e9928a8a50f54624a8ba4c2c0a6430ea952945b781b312ab23a3ed963d281b0b78256fdc4bf1c4d755999a23

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\cache2\entries\C58E1BC7082CE7B33C4DD57688D0CDE0606A6476

Filesize
13KB

MD5
01113961ae49eddcd7f67610fa77b72b

SHA1
1913eba80d15977e45327cc7f568e806e985fc69

SHA256
7817e19bbca0aa514eedfd3fcdc5325911c53761d54d69e12bde8650406265c7

SHA512
d33b57b79fe62b8bf0cb6ee0de5792b21d40d6ca39ca638d336f5241da0410b20ac1d4f14985dc0e0f2ac5b4cb472e57b06716e478820055fe08763efaa67487

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

Filesize
6KB

MD5
8f9c12ef06d3223165a5b039ad58027e

SHA1
e6342452f26244cc23f219b0bc86d9c7cf438021

SHA256
219cef434c95354c449ca98dcec741e816aa373eb2a8325b25450252912e45e4

SHA512
941f209b8dcdc50b63ad96a9a0bb4be5b00bc4f979eec5f8fb8b2b98c88a37b077c7ecde056ff0c298592e79f93357bc5f8c58195fd380c6880fed32f430587c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

Filesize
6KB

MD5
b6b1648213e2362f6ddaa324619a8e6c

SHA1
6716a8f87895fb458787b3ad2fd7f9d210459ff7

SHA256
c8ed055f21bad034880d04f1ed366134f276ecb461645e1b91d45203b1612051

SHA512
31785ea4ac09221b3c90b0d1257c3814b6a0aab0b9640050ce9372ae8867ea78532c607521ba49b725757abd56a67fcd3841184c6dfb9167da44b2f2f374c08e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
7cfae5bb3c936531567ab03d900bae57

SHA1
7f3ea0bafb2bc67f5085e4efa556f57ccbc4abc4

SHA256
a30ab2a1123361725d6cd59675392780497763fd15539b0294b452f10c0bc209

SHA512
bfc6d0555499a67b83aff6f2e4c5605c5bfcb34083d87da9625f99db9674b55ec16b5f39506e2f1e9ee7cae59e7f9103262cb59383552c19f98f28205fcde2e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
2e54b684ae182850f02fd0c4e85c3d64

SHA1
d797ec6ef0c9923d228670a0e42cb9a615435644

SHA256
713b8aaa44d332632117123b4eabec19ba7fcd89151fabb9790502cecb6ea1cf

SHA512
06b502f5766d39fff21136976d2e5befb5a50b69c27d3e64cd25b14b91d3cb4d4c34c3fbaf8759249c2a0b83aef935839fd5ca0eef145f9bdcf83bf9a708e11a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
00d2488b03dd461de075f59050b22dda

SHA1
edd8156778a2a0ab74a8c84feceee0f36182fb55

SHA256
29ae859de8776d19a269510b6ee26880241d475224a12aa63930a6652b2a6fb1

SHA512
a4d149ab81f12826efc1ecb52f72671675c5f40f46ad2ce0b8481e57c48d6b83c778175905d0009b63725b261634bd204b9bb6bc83d5dfd3786157ee1e710fc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
a5f1f1108b43292f63fe01ec89eeb049

SHA1
e0390ac79bb700f3a2382211baaf53089f8ab992

SHA256
38235e1577a1c85947403cd8de016ccdc37453d161a612c2f9b5974c09f11686

SHA512
45d3185eb82281f0db36348c738ec3f9bceda4b0a9866611fc21904f5b27bbb2d614255610eda8afc85360e7f8bd7d7c7846432a8e989966a15e2a9a5ecc058e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\4125d0c0-0245-4ad4-9371-f0e458dd5ae2

Filesize
671B

MD5
e201f0c925794821a6fc969499b3ae51

SHA1
5def4be207faf4f4c075b8559a1c61fe7204d01c

SHA256
e133c990d81723a667706898296944c03515bc1a0732d7956f07d6eab183f5d4

SHA512
15e9193f57e3454bc907d7cbeaf5b31f01c1036c6b935f72c9e21ca0ecc9d098f5afa0bf204d8426c366d73d82e541cb06f7c37d97f54ace16ee6dcbada4b6e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\f464ec23-7af6-47f5-992d-7697f75654ff

Filesize
25KB

MD5
2964a0d8f5b627f99c325d61788010b9

SHA1
d14b3364c7afde610c3e99ec92f25055401cf898

SHA256
6952d27b2eaa5fc759f0571dd8e828bdaa59aef862781bdbc63c5884957d9678

SHA512
f443edcccca9b12c49e61702fd5e45ebe58076836f9423ab56f5375bd6ce515157b42b28b82571fff7b1067f8a5e150b2aaad1de3c660e8386f64479c6f2773b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\f591f39d-ebb9-4be0-899e-ec68566c336e

Filesize
982B

MD5
e03dc26b03bc02d91c9ef22d8df92ecd

SHA1
f9474db0461bb11288cfad529af4c19709f8749e

SHA256
5d146840386dbd272c9dd7c103d0465372e7bed47555cd06d5deea9e4c046e58

SHA512
dd0860a9149117687fc64c920c02adb59f717f7fb9588c0e4c62ac66dddea310f535d1f273c9e1bedc026be87952f9165049fdbaab069505f25f2f9b6ba7b72f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js

Filesize
11KB

MD5
07db7d658047013e9521674ccfcb007c

SHA1
600b32d92c609f0dd840d04cadf7f3fd5146695f

SHA256
24525539473fc473cb52625155928cc58cf79923288c7af92afc20e4a23e3b5c

SHA512
ce3752a4797d3d2ae96574ad128a4c5e7013326ef0b83c7034d23440d088c2dcadb53c8f56d124502ec38c5cf1c6719251a8e3eb64eabb1e218d5c4a4a264b48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js

Filesize
16KB

MD5
823644972ac9ff2aab232bbfc7d0cb50

SHA1
f938322e79ef236f34211e9b37935d02d9cc1ccb

SHA256
67bbe7eefc68a9bc0bbecc0abc9d79289a6fa8839e8b17e9b689566ba58af25f

SHA512
7ded91c73c8159ce6a0616855fde403e27a9ea14b7b098e17e45144e2323360ea1fbb54ff37d75d759b2338c8fce89643b715dc8d4aee7699b0091dd075b8ed6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

Filesize
12KB

MD5
a43ff2aa476a3f89af1ed8ef55a657b9

SHA1
9efb3ba81b53baea1da91bc496e396bb43d0c57e

SHA256
0b61fed91d2be8c50a33b68e18f2462fb64a2cf2bc65ce70a6c4edb29952a9fa

SHA512
01bd96af268d51f6d2d628650b2d0ab1e12b22b90b288439450354875eaa46c305cf003945d6ad8d61232309022c2e23ab196cdcf31db7afd65157af593a876f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

Filesize
10KB

MD5
70b801e87bfcaadf5b6f327ebecdd8ea

SHA1
991944026944a8cbdc96178598bca4e59d9071b0

SHA256
117beefac235d578ba971a23aed30c6b1952239acc4729b77c26405ade56779e

SHA512
9b9ec44ce039ad3f97b9251ec210127eaa3d524793c0374ab032952b9726dc56a16316eee5580d468f6abcd983e554ba0fde1bfb188c30a111296dd8a6549c77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
d1783d5af9066b03e5b2b100318a9886

SHA1
5b3b7cd1e62a8506265bf970d659b5fa966ed47d

SHA256
41c94a266169fcc9fb5029088c7135d1be8570c95c67e068090cf83801bc67fa

SHA512
ebdd7b791344e77c6c5ea4f075440f382532bec9cdf2e73dfb5077e3fc8c3867c29593b518010a2ff19519f36f993c451649c90532af3b73fdda8d40d6239f90

Download Submit