hxxps://kazis[.]app/help/funny/lmao/rr

Analysis

max time kernel
85s
max time network
88s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kazis.app/help/funny/lmao/rr

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
127	discord.com
128	discord.com
129	discord.com
130	discord.com
151	discord.com
158	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3312	firefox.exe
Token: SeDebugPrivilege	3312	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe
3312	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3312	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 716 wrote to memory of 3312	716	firefox.exe	82
PID 716 wrote to memory of 3312	716	firefox.exe	82
PID 716 wrote to memory of 3312	716	firefox.exe	82
PID 716 wrote to memory of 3312	716	firefox.exe	82
PID 716 wrote to memory of 3312	716	firefox.exe	82
PID 716 wrote to memory of 3312	716	firefox.exe	82
PID 716 wrote to memory of 3312	716	firefox.exe	82
PID 716 wrote to memory of 3312	716	firefox.exe	82
PID 716 wrote to memory of 3312	716	firefox.exe	82
PID 716 wrote to memory of 3312	716	firefox.exe	82
PID 716 wrote to memory of 3312	716	firefox.exe	82
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 636	3312	firefox.exe	83
PID 3312 wrote to memory of 3400	3312	firefox.exe	84
PID 3312 wrote to memory of 3400	3312	firefox.exe	84
PID 3312 wrote to memory of 3400	3312	firefox.exe	84
PID 3312 wrote to memory of 3400	3312	firefox.exe	84
PID 3312 wrote to memory of 3400	3312	firefox.exe	84
PID 3312 wrote to memory of 3400	3312	firefox.exe	84
PID 3312 wrote to memory of 3400	3312	firefox.exe	84
PID 3312 wrote to memory of 3400	3312	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://kazis.app/help/funny/lmao/rr"
1⤵
- Suspicious use of WriteProcessMemory
PID:716
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://kazis.app/help/funny/lmao/rr
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1924 -parentBuildID 20240401114208 -prefsHandle 1840 -prefMapHandle 1832 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b52bbc7-9a81-436c-953a-5e7fd89bb29d} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" gpu
    3⤵
    PID:636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f026280d-27a1-4532-bdb3-d6d678bab36c} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" socket
    3⤵
    PID:3400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3024 -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3272 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b485495-279c-438d-b489-09777e73d4d8} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" tab
    3⤵
    PID:208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3956 -childID 2 -isForBrowser -prefsHandle 3948 -prefMapHandle 3944 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d093bc0-d85c-48e7-bd20-2ac1bff79b04} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" tab
    3⤵
    PID:3464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4672 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2856 -prefMapHandle 2692 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {511cc1db-cda7-4995-b062-a67cfc867c2f} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" utility
    3⤵
    - Checks processor information in registry
    PID:1996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 3 -isForBrowser -prefsHandle 5388 -prefMapHandle 5384 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c6a62cc-f78d-4ad3-9763-1d55dc1bf14f} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" tab
    3⤵
    PID:4992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 4 -isForBrowser -prefsHandle 5532 -prefMapHandle 5356 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fe6df0a-c4f5-4cdc-956c-07b8209ca82f} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" tab
    3⤵
    PID:1600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5784 -childID 5 -isForBrowser -prefsHandle 5684 -prefMapHandle 5688 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66b68f8b-e561-45df-aac4-f9dcdb2fa005} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" tab
    3⤵
    PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 6 -isForBrowser -prefsHandle 4268 -prefMapHandle 2876 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ac5e377-5f59-4b49-82fc-82fefd1baf60} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" tab
    3⤵
    PID:3124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6400 -parentBuildID 20240401114208 -prefsHandle 6388 -prefMapHandle 6396 -prefsLen 30532 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c697c0e-ba61-4b93-99f7-36e45ff61a14} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" rdd
    3⤵
    PID:4580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6288 -childID 7 -isForBrowser -prefsHandle 6272 -prefMapHandle 6256 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3f31034-73c4-4f91-8602-19630f346695} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" tab
    3⤵
    PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
d0481564c8f08400bf0b0f00212a7d62

SHA1
6e782a4181242af28a85a213b0d2a2bac1365fce

SHA256
4f23fbea5eb8e4a83f4d95b921b749f2ba065287174829414e4dcbe5b3e4a78b

SHA512
a0d43a8998fc4ae4b6d8b55d303d7eae55d4466d045c636921a6060ded015fe0d66d281c18255bf877d531ffcd8f732ee91c94dd8e783923a1929d8f7231c443

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\cache2\entries\0534EFA1E40F37E16800D4ED01AAFB620817D77B

Filesize
58KB

MD5
a66e18cadd19fa11d9b9ca48f98cfaf2

SHA1
3131fb1fe7c6a8df7982fbacba3826979280a1c1

SHA256
0f600fc5c7084b0e6f0121964b13bc6c99fac8ee6ba71084b6af9f83410ad251

SHA512
5cd2ff8553090fc8393a8a5d376e2d722b1bf4ece43e927b18254c55b106c512ee6dd9c59c876b7a239a8dfbf726063e507740098cd96bdb3f8cab7c3bb0ba4e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\cache2\entries\1E674701354CAC1C866AD30A8FFFE5A3CE9D2AF5

Filesize
11KB

MD5
7cf3aadd8da387499036bd535d13c3cc

SHA1
34ecfba6d4cc1ffff63623c8cfc18c9175ca5ecd

SHA256
97a646ae879496e7d6e6ffc1b18771b8b58579dc20c91887a24575539252547b

SHA512
aeab2b1322e0fed45721545a326307c8e66d142198e1941a0f46059764cb146546a94f6dc963366dab902f9596da8971ff2967a76c97ecdacb326279d26b6320

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\cache2\entries\BD1966751EDDBB99A56F9BB2CFDF8032C6E74020

Filesize
16KB

MD5
89507bb0e26a49c849d279a3eed823b1

SHA1
0fca3f7f37c8f2e53e69e188b2d63657683acd95

SHA256
5f2b6e5c2aad4790e042506fffd77f5279f864a7afcb8bc37ea7851d5f1cf223

SHA512
f5f56267882f1b22bd1a4ab0b6d954fda293901c28fe7f29b38d1c2e3e24211e3e15829a36be87a11236eb1aa1b8911bbe24675abd098143bef22cb9089f54c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

Filesize
6KB

MD5
a0e2c6765f8b7f284e89246780995685

SHA1
64d3dafb19ac4b4e6e5e680ecf349345f285b75f

SHA256
ff76e31fa9ed2dcf08d7068576a9c97450e024332ba0cd78ed451c13a1d577a6

SHA512
8d07e2699db611368cf5fd1f5c3282c3c83b086534d5268545a52af04008a68993917803188b32322f547ac77ba2734ca2eb96903875904b51146444d0dd204e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

Filesize
8KB

MD5
c87e888922993b6b2c3b16a30d7ce4d6

SHA1
f022f0a13b8f26d3c9493dd8a31c956b9e12dd45

SHA256
04aaa7b49651450319fc9a113b4968d2cc8d99d8e1ca90314fcfd09e091ff7a5

SHA512
86a4dc34749a38c89f50c7b2f8ea4e4211616996c906d3ded7f8525079181f54ec5b2dd76be3f2fc73322c3ef048845c36d8de0d9180bb1f0384bffa14ca362f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
329b9d7fe2cdcbbaec9dceef904900ad

SHA1
6dd0d15217eb2f2fb3a07c917848f0b27e00b802

SHA256
0c59d15839a692105c3a0593bd4b150658095765c9d41ba2fe147c3f34e1267d

SHA512
a3726f544f6da0f46fc944048960246b5cb2a49b4726aead172b56b4f22ed3b7dc04ddce2bc57ba5d610343af1657c63fac576f183232e6ab7c558a8ef043717

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
23b59bd2de3057e98ddd46d2d13a745d

SHA1
dd64bc73c886441a3b2da0b0758ba017efa14452

SHA256
36b64ecfc3803a9099a7c26a067217f2640c2de5d39cff136cf1bac04ebd2ad1

SHA512
ac1c0fdfd3c3b8b26bfe561ce2a1581771de04405bda4053c707a466fb681ca5fc1674af230c736b5f5a5e96fca187e58033a494a81428c40eecaac79c9e386f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
bd051c2ee7bf4674b5d1d22b64738b34

SHA1
00fdd61851b2cc2413cbbb057a2d29d79fd63064

SHA256
30bb65ab10dcdf46c70e33159db1c6ed23fb74becfa73aad16bc856add3df304

SHA512
e7f6fc84b0b86f7f7fcdd71e843ae9e3b586595a522805bb33318bfd08180f3cb91941225540c13e5e9f1317ef5f1f3f8484f83f7e0a4f431ca6f5d0f16eb657

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\7917d132-f270-46e9-87ac-d017e7c35289

Filesize
27KB

MD5
1cdd7d6ee2ad89803090f7b1c09136b5

SHA1
d378896e9d2e7c548e56ddfa30386976e5b6a8f8

SHA256
795ff8d2d9762344a248bd9696e20014f5d6a40904b2dc2fa55cb137afd1fa97

SHA512
240f519cac69686e9d6c8047cc7bdd070edfea650b8c75fb53a1b02f8a8a63ade2e42305f1167bb4a63ac3529fa3ccc4264ea41314105aebe7c2650f1748691b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\8055c0f7-df1c-4618-ba12-62edbe8c6d8c

Filesize
982B

MD5
c29a834d5b834dfbbe964eb7e642fdbb

SHA1
a1895313cb37d341d1f347c0440851ff10f1ac1c

SHA256
351b2b09e4c0a608cb025742d1224ea312ef4bfd0eb004a1defa562e3b461cfe

SHA512
8bb341fe2b0e9ccc360d3b493323520b77fc1823c26089c42cfd2067b6b989a11ce491d436fbf860d19fd1a7f2f6ac1821465fd8a30c9899a2f952e37c2f9911

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\830cb9b9-ed8d-4cc6-a3d2-51bcebe422e2

Filesize
671B

MD5
185c51386aef385846d908996c22a25e

SHA1
ed2c483f30a4735c59a975710430c399706262ab

SHA256
ce62f379e3e78e1e4187e8174384779a300330909d32ec5b80ef1e5cbeecc1e5

SHA512
89b3889a0cc837470e6f855ef5da01e0c3db9f6fdd30e0f9bb72eb47cbc86cd77a7b1b69062df0c04a317dd3c1ba52d19c26756324a7fa45cc3f9c74028ae314

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js

Filesize
11KB

MD5
09d441760a8cc429f1689f739fe56074

SHA1
ae45fc0a856e6676ed693cdd37674d451040fac2

SHA256
c067327d0a1ca76a90c301e1d153fab0a223f3aa7917b8de29befa6def6a25c4

SHA512
cf87443f3ca2e98cdd8a6e47780fe5cfb2c80c1ced8becafc0377d641e9626becf9afabc7b83d3500db527a25ffb200e58f4abbadc2890c7315d522c12b29984

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js

Filesize
11KB

MD5
e56b08df9c4dc93e1956c6176b9838e7

SHA1
93334b5e4145bf96b921667901c5e5cbccc2974d

SHA256
bad9b62e7623fb697ef670491d18d6228dc14124223814df6f621a2e47b097dc

SHA512
99fe6012502f4fcff45ae885fcdd03c0a66053c5cd3e655836f9425960a2e91b2227043da715ccde24f708ec19be07bb20bf4652e99030f1c7d286131c72f551

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs.js

Filesize
11KB

MD5
a135a68d11f64454b8872ce8ff3dc021

SHA1
0c564d12c76ab6b0ea64271a077fe8bbe82fa53f

SHA256
59587657df82848b39e0139821be673f65e4f48069a2a52e1c56e3ab12a0baf8

SHA512
141761a325aed9e1f07f197d9c3e94f604b890d2656c7d87cbda8e00ce1f3858b9ff200f53a98adf71280db241c76d02cdd8ef9d93152be43ee02ea699e5a371

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\sessionstore-backups\recovery.baklz4

Filesize
71KB

MD5
6ed098f28a66d1baf73771460670660f

SHA1
ed0551c95180544046e09ac6bad0c62f1eee5c7c

SHA256
5c5ad00df4d14e26b8da9278095021e82291ad1601c2fb93e1fb06817ad2569e

SHA512
a6c1c9e2747e4c6bda9f2d59d1f2aeb0dd3e83995b56c67654ed28a88d0eebf23face5a14572eb39bccb99be07d11d6d93785abcac47ff8cd02b43f9ef89aca5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\sessionstore-backups\recovery.baklz4

Filesize
72KB

MD5
343b46b48bc701d9b4de01e0db2f32b9

SHA1
9a6e28c74fcc56cf92ba20117cc2c6e4376f6874

SHA256
5a344daa5bb88ec4a08c817736a6b60bbf4cd88ec09526d2ed9a1b5c20a8eae3

SHA512
456c19574b18de2c818e86d2217841132860ff6e8eddf45386f5366d845f2d62fadde8afda9c3ab33dba57ef2d8fa7d6573c01988f659efd02d8a10479e9dcde

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\sessionstore-backups\recovery.baklz4

Filesize
71KB

MD5
5705c7a6661877850b3c048fde946b47

SHA1
fd76a9e32557c94ad43d7ad119214744ecf2581a

SHA256
33fb9ed9aa6b278f40a0b8f507449d2469c893fa350712d46ba25c8a103f0b83

SHA512
97cc2670d47f72cb0b513c20d4a9a870738c73a188fa2a356964a6e723a38a09afa5f47600387167c5c49950ef522ffd0a1d9f933d1b6caf5d06e4a985dc13f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
8855de4f96f822f18a07d388aeb1cfb6

SHA1
8868026455c637a43e16aa4761addce7781b21e7

SHA256
c224d0fda9421f258c344234fe49087475884bb9aadaeadc979c69f0e5f76957

SHA512
de715a05d2d62c37d025f90ec76547c1d4214989b558a09ff4e1aa7ac758a0e6e194e6573f2a6f8f6c03d35a604a6641e75a55fc3d1e100c1cb751ab340b8225

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
338ea86ead3bdc42f13d17d0619b999e

SHA1
a4c8ca6f61301241b6b46be310dbcbca0a117d59

SHA256
056b4d1953862455ac36ef76bc5269d837dfcf366aa99fced53976807131198c

SHA512
aae9f2cb132e27e0673d87661fba902a816892cdaa225645a226cf0f7b15a1f19168c99f133daf096f15dd267a2eb7f248aa3f80adfefc914cce0c495e0982e6

Download Submit