hxxps://igetintopc[.]com/stardock-start11-free-download/

Analysis

max time kernel
204s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 16:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://igetintopc.com/stardock-start11-free-download/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3968	firefox.exe
Token: SeDebugPrivilege	3968	firefox.exe
Token: SeDebugPrivilege	3968	firefox.exe
Token: SeDebugPrivilege	3968	firefox.exe
Token: SeDebugPrivilege	3968	firefox.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3968	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 3968	1048	firefox.exe	90
PID 1048 wrote to memory of 3968	1048	firefox.exe	90
PID 1048 wrote to memory of 3968	1048	firefox.exe	90
PID 1048 wrote to memory of 3968	1048	firefox.exe	90
PID 1048 wrote to memory of 3968	1048	firefox.exe	90
PID 1048 wrote to memory of 3968	1048	firefox.exe	90
PID 1048 wrote to memory of 3968	1048	firefox.exe	90
PID 1048 wrote to memory of 3968	1048	firefox.exe	90
PID 1048 wrote to memory of 3968	1048	firefox.exe	90
PID 1048 wrote to memory of 3968	1048	firefox.exe	90
PID 1048 wrote to memory of 3968	1048	firefox.exe	90
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 1336	3968	firefox.exe	91
PID 3968 wrote to memory of 2332	3968	firefox.exe	92
PID 3968 wrote to memory of 2332	3968	firefox.exe	92
PID 3968 wrote to memory of 2332	3968	firefox.exe	92
PID 3968 wrote to memory of 2332	3968	firefox.exe	92
PID 3968 wrote to memory of 2332	3968	firefox.exe	92
PID 3968 wrote to memory of 2332	3968	firefox.exe	92
PID 3968 wrote to memory of 2332	3968	firefox.exe	92
PID 3968 wrote to memory of 2332	3968	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://igetintopc.com/stardock-start11-free-download/"
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://igetintopc.com/stardock-start11-free-download/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f9b415b-ea6a-45fb-94fd-408f47199e61} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" gpu
    3⤵
    PID:1336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {726bbdf3-9b30-4c10-b135-457f77d7d5ec} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" socket
    3⤵
    PID:2332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2644 -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 3032 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a949ee38-a207-45ce-9631-3f13f3214c96} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" tab
    3⤵
    PID:3668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3760 -childID 2 -isForBrowser -prefsHandle 3752 -prefMapHandle 3748 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15d00eb6-337e-43d4-8f28-20fa068955cd} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" tab
    3⤵
    PID:4828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4912 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4904 -prefMapHandle 4896 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9b2984e-0c24-4bf0-a0e7-253e7313e8e3} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" utility
    3⤵
    - Checks processor information in registry
    PID:5336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 3 -isForBrowser -prefsHandle 5392 -prefMapHandle 5284 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d23729f-fcfb-455d-81b5-1d28172d312d} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" tab
    3⤵
    PID:6024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 4 -isForBrowser -prefsHandle 5528 -prefMapHandle 5532 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15b5355e-2ed7-424c-b9d3-73f2eec7dcb1} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" tab
    3⤵
    PID:6040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5740 -childID 5 -isForBrowser -prefsHandle 5748 -prefMapHandle 5756 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db9846ea-2aa6-4d50-bf64-39ca60a7e25c} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" tab
    3⤵
    PID:6060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6108 -childID 6 -isForBrowser -prefsHandle 5192 -prefMapHandle 5544 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b440893-329d-4755-a4f2-61303469dbcd} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" tab
    3⤵
    PID:5136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6272 -childID 7 -isForBrowser -prefsHandle 6204 -prefMapHandle 6080 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84f73db5-1112-41ff-bb7c-6366160e0a12} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" tab
    3⤵
    PID:1480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3320 -childID 8 -isForBrowser -prefsHandle 3132 -prefMapHandle 3332 -prefsLen 33958 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cd14d00-a614-432e-991a-d5edbe54d0f1} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" tab
    3⤵
    PID:1076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -childID 9 -isForBrowser -prefsHandle 6744 -prefMapHandle 6628 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f00f26fc-9b5e-4093-a6d4-6136a73976c7} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" tab
    3⤵
    PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2508,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:8
1⤵
PID:5228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
e77743565936f6d3023d388f79070571

SHA1
f1a9da9540d72b0bb004abd7e6a6a8746e33a002

SHA256
85d8a52b6b0fabc7744a20ed06beabd9ea528760f34560e9c56d6c51aadf7d83

SHA512
8b115c4e28a29b8558183c001020007af78bd84a19d4f4542a6c2ef9ca7397835e3766f5e83c210cd9c5ec7dd40f1192e69318ee476a60d504f01a0ba2f0feca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
4819db49bad72f5a0d3227458987d5e6

SHA1
7997b54b1f85b9584efc4e0df528e925321773cd

SHA256
2cf36ca2c19bb26ca64639f2d5c49680018468f6f23a7d5d606313c5b17231e9

SHA512
2ef29691a5c3a16674e991f5e2a08ee0a824ffea90e7ee4ae7abedd4e9e089c6e33c9279f6ae1bd2ed619c7579e98a25367c76ed8ce6995d1f3f362355e9693b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\62C514A3D9BDF3FCB31C6A5B8A4FF2FC8BEF667E

Filesize
221KB

MD5
ad4fc459aa1719d610878b0454571199

SHA1
c4e52009c67b6be2d94c0efad9dc9da2a76d37cd

SHA256
02a0b70b069aac8801c175c7d4ccd25bd51d55cb84989f1fdd0888d5628a31ba

SHA512
806b9d9b205e98501ff7e0bb92d7d3c3e79115bf4cedc497798b33449b55d4a87103f60424198bf03345a2851c430e97f3146eaf97eda7d441ee84604b901c72

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\9187E08E4648A9584CCFDE3736A2213D540BC17D

Filesize
17KB

MD5
175108eaf0a015af97e1e02e31e60c30

SHA1
67d8d6000a080be79493d65b362c603061d18735

SHA256
25daefeeff86792e0ef129e4ad094309bd5d0f5849ea0390ea4c2826fa974658

SHA512
e14fb6ecb97abfbe5650d8de7287cecd9395827de3014a2ee0e9994aa611d3739d827fbdb5ba9ef97f819c8aa72389dee754d081ecbc5398bb526366f0992fe8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\E4E93037C12B706B31321AE13F7E0265D2B13314

Filesize
60KB

MD5
52253de455c26fd0052c0d5a95232c2d

SHA1
c66988f0bbb4de6b6f17aa9a078466eda568921b

SHA256
bcc30077ef7a7daceff3dd08924b79738339694f2ab604b06a0d839c69c3db08

SHA512
a79c490104441110883173ab6dae0e86cba923d911579d4c1b8675bcfc764d90777381e2d92807d8243ec4a94dde165f510112200795db0e662ecf36ea6ed8a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
25KB

MD5
f235b410f714b5fad6f4278f4b43b0c7

SHA1
5c08492096d2cf00fe912fe3e89a45a14666c26a

SHA256
db03630fd730e9562aae4fdf3a1393eedbbdee56b0b48c8d471da7095fb56a01

SHA512
140655e50ffc88960266402159f0c91c61c383803b083ffe09a213a0ba747f2a4ecb332d20b8ba2caf1ef23e48454061d8e80fe216ef715cbec19c0993eaf914

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
12KB

MD5
6b34f185dc936319fdbd3b039eca4e36

SHA1
961025400b9d8d9daf9e98cfe2f5b4aebc655485

SHA256
17947a11b6346c532fdf9af88c3c8aa5ea8c0d844030f172466682ada4b0a990

SHA512
fccd02d2e686f76da1dd7463e48d035bb4b5efbdf90254407c0572cb734346cff1344adf2b64fd9b02a39b37dc2ebf06bbdf3920debd609c8dd54c4ed590b83a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e904c18bff4138cc478bb148f7c76d31

SHA1
1c5fa1b766d6d66e480ea6b7886946220a37ee22

SHA256
a91096f881c1370351f6f3e55510eb7f6d2a80d7963489bea42bb6972d408e4e

SHA512
48bb4c851663477b6bab69effef4406e42e571811a7021c82b315e2c23df67b0e5d88dfa3ce997d04eef1e8133171be546b8824e88cdab6f784f0e17f0fe797c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
17KB

MD5
93df102a79e670f456d82a8b5c0b017c

SHA1
74bc72f3eb127aecaf744dddea4e9cb8d57614c3

SHA256
bb9bb8ae8811bc8e8896943284278551833ec6fd98633157a6f53bb886308632

SHA512
f3e0a59ea47d02ee4e311576358e43ce1dceeb17bad15b1acce15a23ef4c3e78e71362e9ae87f9ccb398061e9c006472251170c52e446e9affd36be3e1bfa2c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
395384f36cf8345687e845139946c028

SHA1
4c908e2e81488ed335b2bd17dc57c0eef3fa1af6

SHA256
28c6b0695e873cbf97033c8a5a4f24e8858014f2d0586dcab4e92a01c6d2ae02

SHA512
34b9174a4811bab1f5173fed1bd2d8abe77125219e8e37c661047aeac0afbe4de2057e48ada3189d3031c8c2f083aa39fee0ce80993c9108b6d02cb0e35d573c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
17KB

MD5
a45ecce23719222251a86e7378d3c4a9

SHA1
4d9bafba735b283e7e94644e3af2d2dba17888ac

SHA256
7ab9a1272b649f10482f98e168d9cf789edfc5917150f5b47e9bf23f0ca4f7fa

SHA512
e6e86760a6d1379dd67e92ad15113489479bcfd5008db767476193e8381625b40c66553e9d6456fba1e568325b47a25ee07b1fea0800fb2537f94c889753ea9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
75KB

MD5
c0ea824d11be295fde87fa116822cbbe

SHA1
2ce22e987a93a72388eb8da904e5caf2e556d48d

SHA256
7128631c297ea1cde52743cf84254ea79a82d51aee5d87d8c6759ec2973829f5

SHA512
6dc221a8b82e7e7d19385f7815a930debe92c0bf25445bb42cf632c4f8a904366e549683ce5d65169a900790b5008f282b4d8dc163e96bf09025158c82b8293b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1933a8e0fa12c45863de8080b85fa8d4

SHA1
ebd56b0ca61d7b0a1c60d4d5d9cae32ce5a2765c

SHA256
e7abd737c2600475b070b37d53a653feee239994e337855369979b4b3e0c0a11

SHA512
97f932884678846688bb2b112648396581e09a41be59750c58eb4662e83bb69908fb66b803e2b7f95e845c2b7acaf620c950cf9b26269969e7c7c123565f5c91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\0b30402e-f819-4546-9569-c231ac468646

Filesize
26KB

MD5
43b34b9f910823e8c56989b050658077

SHA1
2874fd0c8df133d1f6372b86c706be82564117ef

SHA256
2ddf09db794e8f8e99befd3c5bee0ad367b41c6941fa51d20d7a9954dd5e4bee

SHA512
cf8f68c96d7b0d7faee834723fb6115577957a4b9f98feb379a0ccddca566196dc6e7841578e9242b8e12e47f1e34d4c8c377bb9c9e2fb4a6fe82a79764805e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\7bf8d874-49f8-42b5-a512-5e2b667bb7fd

Filesize
982B

MD5
fbc86dd141018e08fb7715a70550136d

SHA1
96a32bfcfc14ae6cb3e3859b5571dc8f8113b6fa

SHA256
57ef25efa843c142d944204a3cd2e90b2caa4ff8e0bdae1db7eba99ac0e8da9d

SHA512
aec20c2d4a9662c31fe3c3b5988c93624984bdaff9f2d4865d2b7b301b3e4db564d6ade9d063239471ef549de84dc541e1be3ac9c0c905d81ed5b1f6858f9a59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\9a5769f5-b6f1-41e6-bec2-73da1f0e525e

Filesize
671B

MD5
249d39daa950937e4faf38e031de3ae8

SHA1
1a0b64290e285be4a119df2922ced2d1ade5f20f

SHA256
b923c892feba113ce2e3cccebbfd3310888d740c6655c72ef6e836c32d9607af

SHA512
21330ce7bda4a93f313f5cab99c06029085830daedb0c4cd2828074fb429c7aae73cb7d3258c5179beb5ffcf87d5f047f53bf4edfafce63318472b6aac0aefb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
978d6b264d2a93b5b78f5ded77cf322f

SHA1
91f95442bcc4ada523a041dc47ba72dbd8fc7fa3

SHA256
ad7c30439fa5c0e8128e37c6e86a4fb15c328bbe8e26cdfe08c72bd4b85a4c84

SHA512
13cefa67240d7075e739fa1d6a323c8dca242fa8454d05b99a9580b320d4e393c245cca1e3283e4835257938a0b074cb8678d193e459041e8bba3f28d04dc2ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
15KB

MD5
bb020374900f25eed8fe59957939f094

SHA1
cc84e94ee7e1a9fa801c924b15fd006fbab40d04

SHA256
e201d1f6c04e589151fd8b90fb4a7f3c845eabd9b3fa8afce51c0a70253e12dc

SHA512
3c853808c4de66fcdb06ad4a5abe3a72025e3b03ca783037e597197bc75e3bdc7cc9b9b1004b10d3f3db69a39a55aee7aa875f8e88e6d78cc84757f4c6043856

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
883669f5bbdc853c9b91021f720103ac

SHA1
3e6eeba3165bd26db172ea83bd79a63c33b74915

SHA256
6e376340743bcec186fd3c5e34494323652111a0c52cd6ad0d28bfdaf0130497

SHA512
9b15d65e78625d3daf25ed082fa1aa97aa80bf11c0c7ffcb1fea3ee8a60fdf69d7faacc7c5f927493a627a7d12c2942193b668ee377d105d5aa8295980ef706a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
9f05cf90689ab3bb69d3e551cc107b8a

SHA1
c1857bc0d1d69938df8843c693e981ceda98cb36

SHA256
53d8996496faada07b1f2907a4d0b7b77504af846f3e935132f134ed4679bc42

SHA512
de11bfcb7c7d5ad558f2e6e1dce15856db7c609c051eaa1ac4992af78880dfea3f73b0af06383199ea43b00540951c8bd530a09ad4baf482a5db1c58f2f08706

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
26a32a18e0d77b43e6f4af102df2fe54

SHA1
11b6f04d599fe8bd11b94dfbcf6929a229b0c500

SHA256
1787604be9e71d0aba8ed975c2e405d243a704df880953544cd779b8314b5fb5

SHA512
05ed90db0074e0893e8bbc52e6ddcfd81e5b65253f9db55097e70f572ba0d1ddc2b7e3ad3826eaf1236523369523174f68546f52cf34fa9ea31ec2013f0c4099

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
3175b52e6daf8a42f2990576ae7b875f

SHA1
4b885c7d29757ac74c6157e68efe3ebd0fb6eaba

SHA256
98b2488164c1198b2100e71cda41e2f222db00ee0013dd857364f42d2f095ea7

SHA512
95b6863694030224a626db4d238f3ec45d617a147e21674edf93f8769b53a25685bd37e9d3277cfc605dc15aa5b8653e00ca0a715c86d4d02d016e8b848d6ae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
b65a0a14fd8d6a65ebe66a59be65ab64

SHA1
b525dae20b1436249687b4b99cce865233459ea6

SHA256
94fa6993e9f9f80fc2a647787c8f821c99f7b77f229ef4fe143428a0835b6897

SHA512
7da0b72045c0893f5d7000112e75b1ef29fe79e13a85d9593230ef60df5b4d9665a4dacf593ff0a20a70b984ca28fb4025ef02955c9343623cee43e0793850d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
c1c2eeaa6a04e9e950e7e0d7f59d5526

SHA1
3f796989f0c0bf822e88783beded822811f99718

SHA256
d2bbda81700814dfe5475cfc32c4bc6266bce62568df923efc5c6f5b04ff03dc

SHA512
ffe6332b52b1a9b85c60949d75a03d5f5adaeff60d66e4a1de7d183a51e7ee75a9d6e15e7d396e911a8da2d5c67bfc56206c1f6809d631828a80df21a2bde5a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
155cf501485e40038f99328cbd6c3236

SHA1
3cee5ab69bd2d161f63a3df89cfe110151696732

SHA256
776965145c7ea156efdf2dae1efadbec0562e78d6021c8c10733c7362ce153a9

SHA512
2b402ef13e42db345110a1d3a186585e6135b822c0ec8903e4234379722d0b7754aeca03492938d943627bf71e303e3e5fce0a270d9c11c9ba25e67170361062

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
51a07762f980bead22362d03e0564565

SHA1
625ee0115591114b6cbe6f4cb59d453c6fb0e1e9

SHA256
7a16a25afb5067554117946a681d8cee1d76909d8cd989098995974a2e9eca46

SHA512
24d1bc4776f5b89ac003cd77807329298b144f61ada848d779d296ae37f1330e94d50290f5da4ec02f88c99d490bc59dd7f6c80fdb02f734cbc65b4ab77436cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
21d8a0b4dbba7476c656c03980d4104a

SHA1
50327c9df2002d9b9db84d3a96fd0d47ba2df93c

SHA256
360655279d9bba90ee861abd7afc48ecf61cbe3b3c572ad74da568f2a20517f4

SHA512
6c3390e58ff364e35d51b0382cdfc4ee04ca40eb7521e3a506552d2dadf66fd25e7ed7ae587a27f79524522ab4194166ff2624b7fbb651995a0bd68d75e4f888

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
852ebf39378e8f3d4400c5f5ddefb38e

SHA1
8088958f9106a1e0490e59996aedab99d74c33bc

SHA256
d904efaf6b93a57e2c4772c496e361260d30aa7251654bba80f002a5cdcc3660

SHA512
b55ccba61732b98ff36b32e918bdb876dd30d52c4c5d6a86e0ce2d578950a6603f4f17880f63bb449d90a8a5ce098e9e176da15b17f550a93205aaf6ef003e5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
8dd10aace743dcfcae8de2c849734811

SHA1
4099659100ae7a125a152630d7a40575429a159a

SHA256
2069ab77354abaf93e57b60941df13acbc0cdb5b536ae4f90e54e2a7ecb3cb8d

SHA512
187b659e21b97923e667b857a0b4123211c942c96474b2094f728b324a7261aafd39436e29532d1fcc60513d95f9faeadb00a42b932142751f204d90145f373c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.3MB

MD5
ec84513542158b694ebee08bac1bd523

SHA1
21688cfe8140cc4e3f536a3c47769f2839149b70

SHA256
a2774bbd882556a60d90502a08204f07de5d3c46baec20db3017a4c1bf72efc0

SHA512
9691d7ed6959ef03a44d7d1551ff0cd635e9e127b84dd70faef6a9375d2e4dbcca01018cba246b254baa4cfd0b3896a5498e810c65887ec9d04ec809f06a889e

Download Submit