hxxps://mail[.]google[.]com/mail/u/0?ui=2&ik=acb34b308a&attid=0[.]1&permmsgid=msg-f[:]1811989058793170946&th=19257a72da42e802&view=fimg&fur=ip&sz=s0-l75-ft&attbid=ANGjdJ_AAQWhie1MIdowMh398L-kghDWMNm_KL8c768oK5RRYSIvMiCNUQjq6kBdQFIwjXO4pbkHZoOsnrM8KNzhVv4yIMz_rdxNR2Aq2nzzNCjdQbniERHIE-Uoj5I&disp=emb&realattid=ii_19257a6bdd14cff311

Analysis

max time kernel
118s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mail.google.com/mail/u/0?ui=2&ik=acb34b308a&attid=0.1&permmsgid=msg-f:1811989058793170946&th=19257a72da42e802&view=fimg&fur=ip&sz=s0-l75-ft&attbid=ANGjdJ_AAQWhie1MIdowMh398L-kghDWMNm_KL8c768oK5RRYSIvMiCNUQjq6kBdQFIwjXO4pbkHZoOsnrM8KNzhVv4yIMz_rdxNR2Aq2nzzNCjdQbniERHIE-Uoj5I&disp=emb&realattid=ii_19257a6bdd14cff311

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4600	firefox.exe
Token: SeDebugPrivilege	4600	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 4600	3012	firefox.exe	86
PID 3012 wrote to memory of 4600	3012	firefox.exe	86
PID 3012 wrote to memory of 4600	3012	firefox.exe	86
PID 3012 wrote to memory of 4600	3012	firefox.exe	86
PID 3012 wrote to memory of 4600	3012	firefox.exe	86
PID 3012 wrote to memory of 4600	3012	firefox.exe	86
PID 3012 wrote to memory of 4600	3012	firefox.exe	86
PID 3012 wrote to memory of 4600	3012	firefox.exe	86
PID 3012 wrote to memory of 4600	3012	firefox.exe	86
PID 3012 wrote to memory of 4600	3012	firefox.exe	86
PID 3012 wrote to memory of 4600	3012	firefox.exe	86
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 4168	4600	firefox.exe	87
PID 4600 wrote to memory of 1508	4600	firefox.exe	88
PID 4600 wrote to memory of 1508	4600	firefox.exe	88
PID 4600 wrote to memory of 1508	4600	firefox.exe	88
PID 4600 wrote to memory of 1508	4600	firefox.exe	88
PID 4600 wrote to memory of 1508	4600	firefox.exe	88
PID 4600 wrote to memory of 1508	4600	firefox.exe	88
PID 4600 wrote to memory of 1508	4600	firefox.exe	88
PID 4600 wrote to memory of 1508	4600	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://mail.google.com/mail/u/0?ui=2&ik=acb34b308a&attid=0.1&permmsgid=msg-f:1811989058793170946&th=19257a72da42e802&view=fimg&fur=ip&sz=s0-l75-ft&attbid=ANGjdJ_AAQWhie1MIdowMh398L-kghDWMNm_KL8c768oK5RRYSIvMiCNUQjq6kBdQFIwjXO4pbkHZoOsnrM8KNzhVv4yIMz_rdxNR2Aq2nzzNCjdQbniERHIE-Uoj5I&disp=emb&realattid=ii_19257a6bdd14cff311"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://mail.google.com/mail/u/0?ui=2&ik=acb34b308a&attid=0.1&permmsgid=msg-f:1811989058793170946&th=19257a72da42e802&view=fimg&fur=ip&sz=s0-l75-ft&attbid=ANGjdJ_AAQWhie1MIdowMh398L-kghDWMNm_KL8c768oK5RRYSIvMiCNUQjq6kBdQFIwjXO4pbkHZoOsnrM8KNzhVv4yIMz_rdxNR2Aq2nzzNCjdQbniERHIE-Uoj5I&disp=emb&realattid=ii_19257a6bdd14cff311
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1596 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99e2f41b-e1f1-4327-aaa6-aa75c90b8666} 4600 "\\.\pipe\gecko-crash-server-pipe.4600" gpu
    3⤵
    PID:4168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8f0df2a-ff39-45f8-9e9a-6111675777dc} 4600 "\\.\pipe\gecko-crash-server-pipe.4600" socket
    3⤵
    PID:1508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3400 -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 3432 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03e2a67d-69f4-4a99-97f4-5e8968f2f6ae} 4600 "\\.\pipe\gecko-crash-server-pipe.4600" tab
    3⤵
    PID:2492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3948 -childID 2 -isForBrowser -prefsHandle 3940 -prefMapHandle 2776 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16da063f-752c-4e81-bf1d-5d11aad7bc5b} 4600 "\\.\pipe\gecko-crash-server-pipe.4600" tab
    3⤵
    PID:1608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4996 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4860 -prefMapHandle 4816 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17ce9afc-bde4-423c-b2f9-7ea52cb97d45} 4600 "\\.\pipe\gecko-crash-server-pipe.4600" utility
    3⤵
    - Checks processor information in registry
    PID:1740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5192 -childID 3 -isForBrowser -prefsHandle 5184 -prefMapHandle 5180 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47309c4b-8318-4390-bd83-397890d53533} 4600 "\\.\pipe\gecko-crash-server-pipe.4600" tab
    3⤵
    PID:5032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 4 -isForBrowser -prefsHandle 5336 -prefMapHandle 5340 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {698985e6-9faf-4d6b-8d42-03f9bc21e2ef} 4600 "\\.\pipe\gecko-crash-server-pipe.4600" tab
    3⤵
    PID:4464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 5 -isForBrowser -prefsHandle 5420 -prefMapHandle 5524 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20e44c1f-f96f-4437-9d0c-68008c1d5635} 4600 "\\.\pipe\gecko-crash-server-pipe.4600" tab
    3⤵
    PID:3224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6332 -childID 6 -isForBrowser -prefsHandle 6320 -prefMapHandle 6212 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {249184da-98a6-4ff5-ba16-5730ddab75a0} 4600 "\\.\pipe\gecko-crash-server-pipe.4600" tab
    3⤵
    PID:5112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6628 -parentBuildID 20240401114208 -prefsHandle 6596 -prefMapHandle 6068 -prefsLen 34087 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b2d5a63-4aed-4557-8c91-3c273ef97086} 4600 "\\.\pipe\gecko-crash-server-pipe.4600" rdd
    3⤵
    PID:4256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6464 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 436 -prefMapHandle 6604 -prefsLen 34087 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1bc1f23-44ef-4f79-8291-aba1748da584} 4600 "\\.\pipe\gecko-crash-server-pipe.4600" utility
    3⤵
    - Checks processor information in registry
    PID:2952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5236 -childID 7 -isForBrowser -prefsHandle 4684 -prefMapHandle 3336 -prefsLen 31031 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {736eb21e-67a4-426b-a4b2-c6648d95c84c} 4600 "\\.\pipe\gecko-crash-server-pipe.4600" tab
    3⤵
    PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
e99c902480c4f0ab7454d671d61a17a9

SHA1
58fcffa378ca3310c7fe5abb59c99c99a48de9c3

SHA256
275fb7fac4c0f8dfa2c70e19ce242da82ef4bd4cfa8a2ea943e11af5ad736a44

SHA512
c48f555963a64e7550aee71c403c761d47981d4bb14b13f96cd5fe7a45b2e38ca336f71506a80bc63e65ad9bb5ca3e9a76077f3f9185e562dc7f1ad8a4852425

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
c66e68c63457945e249da374d230a0b8

SHA1
e1957980612a3691f70310db36d342224ba18290

SHA256
05210ce56fe8ce63b997b87c03689b686a68715fd81266def73a6be7db892fab

SHA512
f27041f7907d42de3e6ba8cfda7805ca35cc45ae0a406484f6d3690563324512cd09c65a9f4c5855462fe0e8645720093d9630f90c1c43fcebd8cc056dcba75d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
858e548413aaa84f56c5bda015653e68

SHA1
b7054587a9c60adfbdc45015ccbc326530ccef9a

SHA256
09eb5dbb0a21b64cbcf864af66601b1ececfe3f212ed91bae7ccb2369bc662b5

SHA512
afdcce002f8370903cb64cb3f2ff68d9dff6d636ada4c117a2dc12ccb360ce167257d3663442ec1e801d2c43cb1fd1748d11bfd86c0086b8e58e9e6307d35800

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
6KB

MD5
5e0df399a225f24132105ee65ac66ea8

SHA1
cc94a071febaca959e21a645df5dd1505cc366da

SHA256
7b6be3289d01505e594ecc13c1c8c4bd6f3f8c1baeaaef947366657fc448e753

SHA512
fde4eb9b71d48464512c4335ec43f10bb136f84319b6a3a1477e1df55d7ff8dcef85eeb5e5585129828ee5c92245deb6506cce724271594e9d4fbc11c910ae99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
8KB

MD5
f95dbcf29086b682183518511511b22b

SHA1
39bb65e9b3aa5ede03f6f74d242642a539ed68a2

SHA256
37147f67a21e91775036f154e60dd081883bf7293dbd0e4bf8f9479ef225357a

SHA512
9072108f019c766e6869846997955995396bc94803c4df3d604c8ae48a1446772cd7812d975bcfe2114fe2884b6f56d3604ac4a90290ac96b7992885c4dadc56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
16KB

MD5
c54b0191f0eaf9fb8d0622f5e15cf0dc

SHA1
6f118bfbfb5b7f2c60555e8966791ec1b6191972

SHA256
d2ac8a57cc8b6904594157b089e55d8e4a17a10b7c29384659daa7e2e277f785

SHA512
b450447061e0d9c67403bcc942f43e14dee344df230d27f022e0de0579176f7be19b11ff2eb56c8c81c6e2ec7409eff42094236957a13eb97237dbd221483133

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
cf82e8ebb5df0d599c8eaaa8ef63d610

SHA1
d70549316c852817f3b69f2b39ec37ff202c494c

SHA256
6ca5e5016a4b9abd6e10460d7dff54fef780c313b93338aba879344b5f81373e

SHA512
01d6d2516f3511c0ea10afa13ce6e89ce6a707cf5a1c748d2f77ef7307d4771cee339a0a93307e1852a19e7c66f1426c3c0b6424e16432a34876f734aa941851

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1aa22182675f01658c1df97426828734

SHA1
2a1716ba6ae4aeef35f58c1e2ed989e189225686

SHA256
36fca0df4c71bdf6378d8bc09e316b4f5027768cb11aec56a0b478939b27f018

SHA512
060125fe6064505406cf316bf354b1284de408e19c2ed4207e942679d439eb523372879873a7903bae72969e9e6e983fd987ad4fa5f57fd474bb33b8267f122d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
3cf2a4f7a0a3208d2beaf338a132060b

SHA1
b01c217887cf8fc0e0c30622cef2ea0078989db9

SHA256
f5dc802f206feedbfd90ae2f35a35e012851a3bc5db8937c0f4e98d93b63995d

SHA512
c4aa8269a4b3b1430d4442580203b3f1ab8c5d29a1962110bd078539a6be60b759f4783093a22dd14569ddf4df457e1b2cc2aed9ead857a69ffc9558379893bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\9fab5971-8b96-43ee-b408-f51c371a93e5

Filesize
26KB

MD5
e15c1784697f35d1244fa34594d82f16

SHA1
f1334c1170b889991de723f7cb01ca6f38ebcbf4

SHA256
b5f947af869149ce3ff6b5f46deddf0f47933a726dce74af96f19115dc63e847

SHA512
084de6f6089c7689584791e32f3170a29542a778372ee32379758a5928655ed9e076a12ee17dc05ba7321944b6bda13e087ea41c47384d750e5c66f8baddd4a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\c88002c9-412d-4dad-acd7-263a5d8357c6

Filesize
982B

MD5
2440fbdca801f3b518fc21093bb780e0

SHA1
000f616c8f5d8a8cee616df29bbfaaf3473a1ad8

SHA256
978bf4b1bfea32f5fcb0c5eb35393946d24a3fab09644466d08eaed7a55cfba0

SHA512
67cc14cc16fd182994f1337cbaedecede8aa5cc8d1a8b400d89e687bf8743aee4a2cca7984bc00fe0d3c9c61ff052a63167349575b33308d96f53c5a19480f81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\fc49a243-1366-41b2-8019-5d0e033fb602

Filesize
671B

MD5
48db73ccc424546812ed9f9e5e4b6dba

SHA1
369e64750cd5e96f4ebc01444739c8c106463d98

SHA256
dfaad22e0a2b3487fa490f600f996f3c64eb90947cf3626613caa1d1e79764ef

SHA512
bbeb276bc53ee7e86fc9f0dbc563a4d6f954255309966e134b115b3949e4183764d01571e777775f955fa6caaaa33315734710d6f628e4dc069e6c191f0cf691

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
12KB

MD5
ee03a02ff6f8470212d3e7c7b86a5ae8

SHA1
ea4ada3ef6fad15c3c3843b50f1d99bf5380d855

SHA256
8bacfb20a61bceb0cd9e5fea307e5b98a6e8110aeece5cfc4c7e2f14f22d4b9b

SHA512
eadc24b80e54acb4dd7add0a9275e09b9f3c9648bf1f2ddd3c3c6edd94be57a4abf6aea8b1964303ad187a6fc98ebd741c7b6ca89cf65af2683a38c72d71fb06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
16KB

MD5
dfd565205073f4234cd6cb79f8dd492d

SHA1
864655cbae2b614ad656a7f1a0869ed8dd068e30

SHA256
7ec0380c9ac3898f1237cedb87884e2a31e6c93f5ddc8c167577d7830f2a5a57

SHA512
b74c0c08b376e2f27cea04cf62f8697e69f423d5e8dd46ac193e30fdd5f4dbe7ac4ec2705656a268f7f80eb5435b95258897980be364154764a9915565b64b93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
11KB

MD5
ca2a20727d4f01e186d90faa6a8d6cd6

SHA1
fe7de7c71d84ce32d47e3a314afee83902975a9e

SHA256
b18f8e4d7d07c48f4008c28ac6faf7339dc780cee1cf5ef176be116733195f95

SHA512
7f6328e25a45964232c371db0c6bc86a982df1fa5906d3193fd207b7bf0c3f7286364d2e112fb53bfeedd6fc535878150838703378111de84f4aa71a9eb91222

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
11KB

MD5
bc6d90805c9d50b6470c667e9abff8e3

SHA1
614d82e359780a0fdf9c50d1f42db64a0fa13892

SHA256
cd898ca5023afaa5a43fd0456014f616665fefc04c36ce1f1b2141605c11b639

SHA512
afd2f288e3e5af8e80bdf38c34249816cd6833414b8a09c96af6423dca45a4ce06ed31abc2eab0163b4b9b56a4b15d223ab0c2cdc79d22f84b9b3b49a67291a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
178abbe9614c06b524c0e57f9da5fe94

SHA1
c18af65bcb82da9c571037cd46958431d79e35cc

SHA256
41f07980ebd371cbf82cfbaec4526daf2b70c03f33a0a54677b93ecff4da73c4

SHA512
cd73249c17adeced529e16bf93687b5f54240d600b3dd2c3a757c336e4720393cff4b5aa93a1bb2b541f7657555d33441a8c2273e4f0db98182e86b61d0a4c01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
1da2039e91f13a876331842875e16e7e

SHA1
34dc3a33b11b7b1b859751b216a7dc3fbec20ddc

SHA256
a4626bbb2c5b7fc84cda9457fca579e12927c48009ccc0b5200a86416e4024eb

SHA512
f4b2aca6a183a58a512f234ee0ba0c1a892841894433f8c017d5ed57a30b2d9ec03b07a20ba0167eedfdd5c1a01d978f03640ff8330c25bd1dd6b09544c8054e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
c31371c681d242fa83661248a30a93b3

SHA1
30c32c90ee2ac06b6c7c762d930c64c4510ec202

SHA256
8dcd50aec6b25377a6682598cca1a8df9436af3e3263c58b25b2e4521b3a85ef

SHA512
f7b5aa546957f8ee60c8a715eccdadb7ed00493b2f23e129222c4716c5a891a7fbd10455134301cf993a6ce6b364732b7b6d5ec578eeb88264035d624b624339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
b9c6a1d8f1bae742d9858c564a32a2c1

SHA1
1d9c5b8aff99175b27a01ca95c473b9c5d9f3494

SHA256
cdda5ab644abd90113f81450922d48589a3dc661fa2ac79eb72382aa1db98f52

SHA512
40b126bd2be75461e085cafc2fe47ab68fa943cef7b491b2d87da1a1dd9bf7e816ac85d05d01ffa05054daec3e99279dac3d1102abfe11ffec47b8e8968f429b

Download Submit