54546f6e843b219c180d0bc47168a63ae9e8eef223fb9133b4ebf1087bf048de

Analysis

max time kernel
147s
max time network
145s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
23-10-2024 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sober (1).flatpakref
Size

3KB
MD5

a7773b0c8e7ed705cbe2b2440035e6eb
SHA1

73d7f204b98fc9e4a5b695d9fcf803569b7aa5f7
SHA256

54546f6e843b219c180d0bc47168a63ae9e8eef223fb9133b4ebf1087bf048de
SHA512

659f59f5c84d69d95b166412f79c12fa059153259d7cf7e0f92de5cb16504945f62c2c21982d67263b08c0f5f0f69e0d85be5a567f28c22aee040361bc6300c2

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe:Zone.Identifier firefox.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

description	ioc	process
File created	C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe:Zone.Identifier	firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000048bc6f94cf5e854485244ce8dca8e5f800000000020000000000106600000001000020000000166838463e43aff0fae2b11a47af85c92d07d0f39dd8c3a10310907005186c55000000000e8000000002000020000000196b0aba34a3e9e11857e8e50273adf683175911d0101aaa2060f9eac941630c20000000128fba258c6f22bb5c036cfe302830c39a95d5d0e1a74968aa4efb2ab37ae173400000005561bad8be1398be1cf14e7d48c41f2e812098ed038e150b42508335ec86d022ee791fa4ea436689e763bd0b3f1000b9ff306e2e5b5f0dd03137d825bc963122	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 005f53857025db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000048bc6f94cf5e854485244ce8dca8e5f80000000002000000000010660000000100002000000070dfb31f7c0c07e9a4964bff811a7ee86b61067b4afe2d9a55dc6528529cfd04000000000e80000000020000200000000e7910fe72f9b8386e300f71d0ba78ba176ca40595f217a8699f58b91759da082000000083772bc00e41495b5400e68ef0e1bc9e64fed44065dc71b665fce237d81e120d400000009ba261d7ec58551ef9d5af0b412ff5a0bcd7d27695aee78459597e534ffc5584c21c75cb0578d57f008d957603cc778fa1c9c750841bfb0d96cf5e2d89273a01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B045F87D-9163-11EF-B5C6-4AFA0E3936A8} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.4355\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70e156857025db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe:Zone.Identifier firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process
Token: SeDebugPrivilege	912	firefox.exe
Token: SeDebugPrivilege	912	firefox.exe
Token: SeDebugPrivilege	4660	firefox.exe
Token: SeDebugPrivilege	4660	firefox.exe

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

firefox.exeiexplore.exefirefox.exe

pid	process
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
612	iexplore.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe

Suspicious use of SendNotifyMessage 36 IoCs

Processes:

firefox.exefirefox.exe

pid	process
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
912	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

OpenWith.exefirefox.exeiexplore.exeIEXPLORE.EXEfirefox.exe

pid	process
4588	OpenWith.exe
912	firefox.exe
612	iexplore.exe
612	iexplore.exe
3924	IEXPLORE.EXE
3924	IEXPLORE.EXE
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4128 wrote to memory of 912	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 912	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 912	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 912	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 912	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 912	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 912	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 912	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 912	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 912	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 912	4128	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 4960	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 3676	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 3676	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 3676	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 3676	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 3676	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 3676	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 3676	912	firefox.exe	firefox.exe
PID 912 wrote to memory of 3676	912	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\sober (1).flatpakref"
1⤵
- Modifies registry class
PID:1888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4128

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ed101a6-4944-435a-ae27-d9904968b64b} 912 "\\.\pipe\gecko-crash-server-pipe.912" gpu
3⤵
PID:4960

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2a1c3a2-134c-4979-ab61-2ff9bf91237c} 912 "\\.\pipe\gecko-crash-server-pipe.912" socket
3⤵
- Checks processor information in registry
PID:3676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 3208 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a330c5c-d011-4e10-804a-851a65a4e859} 912 "\\.\pipe\gecko-crash-server-pipe.912" tab
3⤵
PID:380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3764 -childID 2 -isForBrowser -prefsHandle 2544 -prefMapHandle 2436 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d51e1be-5983-48d9-8885-b415d0384375} 912 "\\.\pipe\gecko-crash-server-pipe.912" tab
3⤵
PID:1952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4868 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4792 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97e151a9-b113-4486-b35d-885d0fa29022} 912 "\\.\pipe\gecko-crash-server-pipe.912" utility
3⤵
- Checks processor information in registry
PID:2796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 3 -isForBrowser -prefsHandle 5300 -prefMapHandle 5296 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69c0f9ae-6b90-411d-a038-dd01a2d33ef4} 912 "\\.\pipe\gecko-crash-server-pipe.912" tab
3⤵
PID:3052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 4 -isForBrowser -prefsHandle 5212 -prefMapHandle 5232 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6f5adbb-2d8e-4820-9368-085c44116c8c} 912 "\\.\pipe\gecko-crash-server-pipe.912" tab
3⤵
PID:2076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 5 -isForBrowser -prefsHandle 5668 -prefMapHandle 5664 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0d3e932-6fe8-454c-a653-7b1a7c37611e} 912 "\\.\pipe\gecko-crash-server-pipe.912" tab
3⤵
PID:2544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 6 -isForBrowser -prefsHandle 3648 -prefMapHandle 5416 -prefsLen 27130 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1b692fe-5965-4c0a-a6a6-3f00ca8af4a1} 912 "\\.\pipe\gecko-crash-server-pipe.912" tab
3⤵
PID:4532

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\CheckpointTest.xhtml
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:612

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:612 CREDAT:17410 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1844 -prefMapHandle 1848 -prefsLen 24531 -prefMapSize 245025 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b013a2d9-7d0d-452e-8e68-68b41de5e774} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" gpu
3⤵
PID:4316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20240401114208 -prefsHandle 2284 -prefMapHandle 2280 -prefsLen 24531 -prefMapSize 245025 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ca9acc0-3c4f-469a-ab99-fd23dc6b5513} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" socket
3⤵
PID:4300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3088 -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 25030 -prefMapSize 245025 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3630d522-e800-4d63-8721-50593bd91981} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
3⤵
PID:2720

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3744 -childID 2 -isForBrowser -prefsHandle 3740 -prefMapHandle 2840 -prefsLen 30263 -prefMapSize 245025 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a5651eb-ecf7-4120-9b6c-1861298d3e65} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
3⤵
PID:4136

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4588 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4576 -prefMapHandle 4604 -prefsLen 30263 -prefMapSize 245025 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0f66bfd-1811-4c36-8b15-213eccbfa07d} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" utility
3⤵
- Checks processor information in registry
PID:4456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5148 -childID 3 -isForBrowser -prefsHandle 5140 -prefMapHandle 5136 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3d1bf4d-d4e6-4948-959a-6f4469c4f36b} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
3⤵
PID:3264

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5368 -childID 4 -isForBrowser -prefsHandle 5288 -prefMapHandle 5292 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35881242-b323-484a-8d70-e8b9d22a6f04} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
3⤵
PID:4648

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 5 -isForBrowser -prefsHandle 5480 -prefMapHandle 5384 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2868056d-0af9-49ae-b212-81560087d0cb} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
3⤵
PID:3560

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6352 -childID 6 -isForBrowser -prefsHandle 6336 -prefMapHandle 6180 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {deb3ba7b-7fda-44df-bc38-c373b30a2c73} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
3⤵
PID:2284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4944 -childID 7 -isForBrowser -prefsHandle 4940 -prefMapHandle 6536 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e160fb9-382a-41ff-95d4-a1bfeb6f662e} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
3⤵
PID:2524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6772 -childID 8 -isForBrowser -prefsHandle 4072 -prefMapHandle 6768 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd48a28a-9b68-4ba8-b227-2fcac1430392} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
3⤵
PID:5084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
b2e7d25918def2ddc141dff405f46b16

SHA1
ddcba72a7213c8f115776382cf1bf2ab289f1895

SHA256
c33ff49cb910f7fa756c3015c6b23b722a46b15aab367365decb040ece5b1473

SHA512
dbeba4abb8577fd8f89e41a026079f6d3bebc8265773b891e191c51ec404d90cf8d836e1625048a2f84d92907f0e0995a08e5fdc879f4ebadbd1961fb444995f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\activity-stream.discovery_stream.json.tmp

Filesize
19KB

MD5
f454a905becbc7409fbedf77168747df

SHA1
4a84b09ce62907882fce69003445c060e26a5293

SHA256
31bcb46bc72c0eebb0e97c506891fdfcc74b742ed21700c54727af6f95071716

SHA512
bc874826d191a9debe846cf54f7b0219a3c4a2845a539cdc7b55a50d2d1b462b1a3f0c08b2ce0af979519e672cccb3f59a574dad2ac1794b997ef0a317bcdf04

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
746a476f81d9515971d73defeaecee34

SHA1
91f731757916f838f698e66bb4eb7d293af938bf

SHA256
80616c672d4a98512141f94dfa19527b8a3bf6f664bfd7446b0ed7fff9e1bc6d

SHA512
07186c760439c24f3ffe41c604a41813e67325eda6dc7d5a29c96d9b36536f31230e959f0d3ea0ecfca1220720839b7be583a715544a06b2ce5877cd00e1c5a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\195AFA146E0B23E01152957415B8E0171350A3DC

Filesize
31KB

MD5
3e6b380f4a3456560e4f5cacc45d28db

SHA1
88e2c2d40585c58838e751bf6bbe7bcc9c53d539

SHA256
71adbda21821666bb861dc3a5ecb71d0914c96c745af8c05950079a3a73c51ef

SHA512
a32cd032e18403ec490ee42bf1423fa14342d31fc70092842bef3b7777a3ba30b4ff705a193bb5f64835e60de60dab05a15c91376e4bea51aac353aebe33bce5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\22BCAFE587444EDE921F22244EA053DDAB858D76

Filesize
405KB

MD5
ad68137a62bf305d217c3542387ab3d1

SHA1
b4875a4668e5229dcc8cd256885d195d1f0f8d06

SHA256
9f6c56b6f4b1dd776dce642bd8c29dd0369c3fd20e8ef6487ef9fa59a03522b9

SHA512
50cda3143b8912aa274711ce6faa0c328f7f12d1dfea822caed6327365f951a7b5953e104fadc2bbbe4bb4af6cb8a0ba28c2f0de7dda305187491ada6e692b3f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\23809800099F4F7243A8E28FAA082A391F1B97EF

Filesize
1.0MB

MD5
bd695ea040c671df76be7020585c9a22

SHA1
4716b2e1e7e0df36c59d22e3efa52e3ed3b03009

SHA256
5ce91f161e9b2b73dbc69f28ed45341aca6ceeae9622a71e4e5356ab054d09f7

SHA512
2495d7fb068528c8a092d2f5b1e02078793cd44c0bbde14e5c41f9a9d35dfb4d8fcda4f7aa4d13e71eb3e3d87af9ea19d637258ff4ab48842fd664b3d5c6559b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
2adca10b5b80dd38f900783982a98164

SHA1
a6d453bb1df870af1e1dd59efff08a6205b4cd93

SHA256
0a46beea69098aed3e748b9fac887365835c521e1aed1c23c1bc5ff89d40b525

SHA512
98bd0ad2074bfc39bd022db64be398d2c5262f8a08ca5479f777c71e0f5eced930aa6831ac78386170870ebc98d9bba674965c23912641668a7f2d7f10be5e58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\322876A5CFDB5996E45A78F1630D4B45A8423BB6

Filesize
288KB

MD5
9721455aa1e137840f6599dc436b5a0b

SHA1
8fa248c1c513abb6c89508c32bf64a20f6562da2

SHA256
c0f303d6e42731a3263b28358ec6b268a6a9d0a87ed9ca1cbae987005e8876e1

SHA512
9edd5290cfb9048280c13c988da6050a68553db644be07e5a011aea725295562f4680734230e1861340830d20dcefbee0ad25b9eaa87db0cba5a60a428dc0288

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\3CF8E30E90321E1EDBEEE2C748177C4EFE4104DE

Filesize
6KB

MD5
5488a548ffc766d890b31b05fcd92fee

SHA1
032839f39e43dfe082ee841f25a3ced780fe4e10

SHA256
8a5c5c71bb8eaf712240f14bd28822802eb5df47c5df6adda05412ebbe4c05a3

SHA512
813d84ffebd2d60fc73d61199f193499558ed8b62745a78e7bde4d97b826bd0433df764d7f2927e176a1d9461b71714cf0f9a46a5b210188ce61db11b81469c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\43946536DC9132BDF1774C19DB065171191B09AC

Filesize
10KB

MD5
80a87977e9ffed34a4292745fb8443b8

SHA1
a4558f55dae7c889f2e2a4764c50974b6f984c67

SHA256
f0feae5dc6cf68c533bed81a6b20df00021366a29a2b7e94bf45458aae87e7f3

SHA512
51d7efc86ff42aeeef0762c176741afce4deb3624833241149941f12742cde31ed7638ac1ad594bde260d60e01513187432512fbc68fdb8a0a81e2574fef7f8d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\4A5E03C6FBF09DFBE29A6B45ED1303F91E4CA7CB

Filesize
7KB

MD5
8ee38fca38306b7e70e0ba420b65ce7b

SHA1
872d97f9c8d3d9e53ff4fed5bf50bcf678c928f4

SHA256
97a03600d5036a819cf98bf69131e1ebfe8befad1bba908b1d84d09b0ad77099

SHA512
1ac604f5e467ec4a2d2795a030249ab49cbff2e4437a92c1cff742337c8883168f4584742e3a274743895b5473157b8c00c08e5f3d62ccbb881f26a3ea640231

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\5287617E8E5C9BE440692DC4631917AC35D4C888

Filesize
13KB

MD5
9ae1c098fb5708e6cba06f1197295d68

SHA1
2fd4fcfc4f155a14b8fc2c18a27f0e5f8a130378

SHA256
7e46f7441f478db1b1f0a8aa9fa7a299a57aefcf243764c18cd508a27587de5b

SHA512
a37dd0801455f5613a6bf1f34712ded42b9212ce2c959625f9fb86babb4dcddb4533ebbcc8ddc9b53a630f3e377c83fb746cb1d02a154dc693675696ea20e1d0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\6D041BA107C51B5D823F56B3E416ADA02660CD61

Filesize
6KB

MD5
2ce26d6b256ee51e832b0bf05bd053ef

SHA1
85f32cb11e4e49e6f12f518bb0f9e56dacf1c0dd

SHA256
1a6ccd7518bf47d7b5eea6e633089c9af3b880d59faed846e362f9712133fa35

SHA512
b97e806599e8ba5f6755ea747ded0afdb199b7d9a4ae312cd2d3f681198c6962fe9cbe8d7c4e55beb6098e35156786e67c93bb3386787191dbd3be383f815677

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
69540d8791fdace985a627ead154be14

SHA1
588fe1df03021d6261f2f1b4ea52f4ac7209f74b

SHA256
f8ef5d431cf10c7abccde4508a329e1627fb1c5c32bd340816eccae1967eee24

SHA512
b2cf686bbb89699f91ea581f7b3904f43b32a7d2f722f7b50d7b0062898b63a1d5f3f30fdf9395792829bc70e0bdb3b3125c6371425bffe55181dcc70b2fa819

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\6E425EBD542175E58892D81B98691B2E2425A60B

Filesize
24KB

MD5
6a2f4ac000da7887c51a193777e230f1

SHA1
6d04019ab6d063523beba6807ff2096e8a90f0dc

SHA256
4f93ddaa075dec16043e666fc9666dd4866b3a8b4626cae3e67f4cff66af71ea

SHA512
ebab3956b4d08a608510e748a5692d5a93fc773a60a42da01aff995fc527e4eca1dacc95401d6467f17ff0937f2037eed6987ac66acfc53999b758fe55f6ecd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\860191A2DF00AAB344D09955CCB09BBB3B4A00CE

Filesize
441KB

MD5
85ed9e364be8ddbebed3521095fac00a

SHA1
f077c685d655146cd098bf22cd8de25e89256094

SHA256
59f26dd048333dde34b9e990f26e8876dfb7bb8f6485a790a3933fbd14990960

SHA512
6496b5c93e470963646d2eca3e3f1402a333fde699206b4f62a15a7302cddfa5112c18c3ca8e4326e6eae484ad5cdcfbb58cb34171480bbd75db572cda893c4d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\9E71F19A809219670E85865FBC3FC30EDB056051

Filesize
10KB

MD5
ac7b062c990cfaa7a0c97e6ed57bc7b7

SHA1
fe63162f91c84425e9428b7237d8833cc4073447

SHA256
f9cbded32d2bfb8ab1c00e5a716d70b617cba4a2f1f086ad3d74978b9f67b0f5

SHA512
2c98c7698d995085cb03481e859aab405e6d7b80a0c6a796ea83e704b08f30ad09e7f2764db47fa0d0a6b85be9a61bbc82b81da23c2892b04f6e76daa66cb075

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\A5B05A4570D24C92D32B4736439F0EB08A0D7A2D

Filesize
896KB

MD5
abee009e8badec66fab28f6b8790d9b0

SHA1
6e78d6ef2481d81ef2a4713c07d3b508b4f0fd06

SHA256
53b32c01ed45d66fa2ea96de863e70a5a64b71ed3b459f048b34b63121684bee

SHA512
51ae1ae0275a997d22089b530e92a14d4dc9114cb9b2b1cec3012b7aea7b04d015c82bf892094a9c6577e3adcc3eb815a79bd1a3a2c42d119e16df9ec7a8847a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\A6F257F365F9FA6FD2E251CF4212346CEFADBDEB

Filesize
21KB

MD5
f1dd675181a8650ec57de2eb7418ed0a

SHA1
acf4499e25f48b8696035b9a7f22403c5699441b

SHA256
28481be86e22b1309aedceae04fc7382cb141e740d46d8306b469e88e50b6b48

SHA512
04c4acbe8c4223ccef104680603ab7de05692182c42beada11cb7df59937038d5171448b9ce62f766b4f311bd9c24ce9021d49f327f773afbf1c6b761c8847ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\AB90A210A29A1615177F9393E8409DD4D6C176E9

Filesize
6KB

MD5
43cf058f97dd003d6a269bf5fab89346

SHA1
8acaa101d1270248e84a7c76808f0222a7dc9e8e

SHA256
48ac943b8bd7502dbadd2e2cdb8b6fde13269e9eee40ecd3c06962fdb6294ad8

SHA512
9b7c582abb40052ea89d6b9141a7c8fe66516e123043c649905457869a338ea0f9e66857d7a85d656015ab604175c4d610ce31766d3c6b50680d0dcd54a0c1d1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\AD65A3709465CAE4D2101ABE98BEDDA4CA041D7A

Filesize
22KB

MD5
c0b408bf4e52512034b042dda91d1e56

SHA1
f7a8ef570642db8d510cd208def27bf576ab0646

SHA256
55a5f17041dd060c6b3eb796e70697aadd911b4a7364029cc5abdb89ac88a38c

SHA512
96cd7f539d3187395669dd7baf9f001d45437dc4938480ece8758ad932772364010980371367f5b83d84503529805eb73321eb0a7bf485abf2931fde66edcf93

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\B38E21356D7685E42AE05115AF1FDB640787ED40

Filesize
23KB

MD5
3aef3ff83970c9927754d65b4f85010d

SHA1
9288ad7991c4d49686be1527821a8e44554cf9f4

SHA256
197046bca0313b6a1530b71a1a1515cc2ec83f6cccd14682bfa5231311c2b6d3

SHA512
45511bb6fcd1f9f2fd426d2bb8a9c1eb5e334cd2c00015707f619327e382ee23db0fb6cdfe091550da3b6a2bde394844d8677e0efb3de93c6197ac040fb32d77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\B4F85D07281861B515482E788F0D33B8190FE075

Filesize
375KB

MD5
39ea07fd00d20325230e8a8217487c39

SHA1
07753bc4488a4b31259c2675df0c3a72ab5d21c5

SHA256
4905159f8cdcc615c54af0d4b8adc3cd15936f53870eb50fc0febbadda72fe3a

SHA512
425ba8fada6123c57c0b15277badd09da2f144669bef1930e662bb398a2516f614adfc9f53bee45ad108626dd9bc4cc7c8d242c9491f9bee5cd25a76da796465

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\BC6BF4A154A87D3AF716008C654F6602A17204CC

Filesize
376KB

MD5
94e1a80d2e3dc37339dd6e32cc44f6e3

SHA1
6bdaa46e7d2ec1dc75a46ee13a083d8e29c5a2a9

SHA256
10c71d452ce98b7c9b24486225dbadb82abc2ad991a7b828bd43b38d7ead415b

SHA512
a493f732d0704aa15abcd0305bb9e13d966ffe623915f07a88a3a4b194bae9658629ff4d9a67c34ea2acbde79ab3aeeebbf9da03d36eeace702821ac4aa4aa42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\BEA62EDB2EC2EEB914B184DD280910251724B4D1

Filesize
22KB

MD5
3ae282ba87dd1c35024fe91dd23981d7

SHA1
f1fe8fe3e7d1cb27b38266b2f9aef6dee3db690e

SHA256
8c55615650996e4bd28d9d6aeff10fb4cbadd29083663545d4110cb99c636482

SHA512
41b8de42e6703f590d2c5438e5f0f1be2ade47f0989e1472c03fc42cff8fa2fe63a8486293573647408dd07344776c9391052bdfbffdf29dab743caa73e08dfa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\C46D4FB4DEF87E9BB4A1926D20C4851CD9F7C4BC

Filesize
6KB

MD5
85ade22221d08f0f1f9a2164928b9f5c

SHA1
ddc7aacbb67955beb7a00c983b7ec4225026063e

SHA256
a4d14860b1ecc82a472ba93ee01d65f06ae349043669b4e9c23ab6865d07ffdd

SHA512
ff81d119913f4ee990e84c8710fbcf4063d3f2f3f9275fd4f58fc5b87ea9a21123db09292a11d7f93a3b5a8c2a96e463da5de7b6b952fb71decccdeafa4c3708

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\C947B77E1E710FB3E4F8FE4CB2D6A0FF3356429A

Filesize
357B

MD5
8f248bd8e49b24546347d6fcbeb53571

SHA1
7c5b771129430d7e88dc5684233e4051050d535d

SHA256
4f381b075bed12df9ce8e2499f95f0d2c31a7d21c4b3c0c60abc11833b364b6d

SHA512
2e476182a7f17b36a045d0d98debe5ecb2fd9d94970eb98d5b214302f3991398049498e1eb83790986c9dc7a8eff2137230c1b761ada724cb16b61bfdf82ca5d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\CC346B494091817AAF55D3F4892E32290DDF2EB8

Filesize
10KB

MD5
322f65253d751300f00e1c7a6ad74cf4

SHA1
d11a054c9794763e3fac8dad2b9d761512616838

SHA256
b9941c04d90ca9e768aff5fa7ec01acb29a9cc7c6bd016689130dd7c7f137bcf

SHA512
673b933e0ba608a9fb63fefe74e76a9db5c6fba45ac3ac68b66aaf83c1c7809470103a26f1501db0ba1163802a8683d659a0b3ab659db22f5d5c4e8b3b6726bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
129KB

MD5
34c7b9917c1b37d302cf5b9098d72017

SHA1
bed2704f5a9985b995ebfaa4b68fea04fab63085

SHA256
f91313a3f01d22584a1c4d5bd8ca33b5dfa19b653ddf4ba7016ee76fd1c6cded

SHA512
985c7469365ee4a1fa84d7d4bf15ebfa62b71bfb7c61d35ca7c8e2bda903ed8f446fea7bc3cb81d6b994d039bba223df89b873ed4249106c8a343aee726a1ebb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\E4DE0D574740C6225029AF8F798E2955A36E54C7

Filesize
6KB

MD5
941401b604472aba23e7282a8e31e75f

SHA1
1a30054431c8359588043d3e70b239911ae3b25e

SHA256
338b3c53d51c1d5fec842f0a820257151c6b4286433b997e5b706999b51d7447

SHA512
ed67a5289f6f8c6ec1dc6278c35f5b3d05ea72bf5c81ea04c82efda9a5ce7ab3f9c1c1f7da165729d3dcff37bcde08da2b6fff54acf5d0771e946112e5959c56

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\ED6259115E081352441FC6A9BC7C1CF06B578734

Filesize
6KB

MD5
78e5378aaef3800d4293c999798b8a19

SHA1
985851f9bc5a96adf8e96680921086a81ab4603a

SHA256
28184466cfa6cef4ca14e6cd433e558f5adb6e59878557ae11e90e8ccafeb382

SHA512
9dad683acb6c621d70f1a09c189711c63ca3a75e9eba3d03a8f6afe75d79409fb178acbaaf3e114774ee89319732c7fe1cfd01c7c2fbb2d2dd5d7bda13b2693a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\startupCache\scriptCache.bin

Filesize
8.6MB

MD5
51e2b60b435eb60f5ffd1134e4066e6f

SHA1
a289984f92fa293f5f8ea3dd6137390469055dd0

SHA256
8c5bbf7ab0d3abbc7b3eb7856e887450aa8c966cc03c986a1b015fc6e68f6320

SHA512
ae88ba80ec0f78f74790597a2e7db2b2efedc9fa238be8e655599de1adf90fe40f11aafe80a83f26387295fd078e72eb400c64d998441569122944cf9afc8bf8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
ed8db3d6b9d4974475fde559a92c865f

SHA1
4c35f14cc6c161f1f7e0dcb0e707a7b9c5ba509a

SHA256
6ea662fa6c4056242d7837f0fdee60d920fb22d1ed5ad8b2765409dca480d4cf

SHA512
8e3a461c6711f1ba9678ffd9823e1d6096db32193b16f96fb99f79755111da49f6589ec863b7d58a3be9c41aab2e1f05cb5777b6450322adb812a0e6ec37a6bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
b3380c1a31aaf14b3ef4955c73cec573

SHA1
783dc0c9d99e60e6eb20cacfcb804267e5410d50

SHA256
2241122c9f7c26339ae9666b3c27118d81b42f7e5683f02c2a4cb37cedfff842

SHA512
bac0ace8e7af136a92d0f6d01d19126112dcb058cd157fad73ecd031c82338aba3ecf7978fa913486daa55ed925faa7b9c3648763e200a8666337a321f6d7319

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\thumbnails\e36eb31c634e3105005f9168ad43c070.png

Filesize
9KB

MD5
11830c2dcbaff3f3092ddba72a22c487

SHA1
5b9faa544519bc94182982c3101f7e27812d836a

SHA256
b3cf039cb4e4fa4430f36be0c43ee7a780554022225c4e066d58cf24d7a0bdde

SHA512
5388fc0a13152bc4a49e763b6286373e0c2c837436aa5b3056f27e86c4227f306a1b235c5cbcf577f5ff4eb543af19f079a8cdb6dafe7ea0ff6d59ff7b07d917

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\AlternateServices.bin

Filesize
8KB

MD5
8e02459f5ba4782397d5771cbae07c03

SHA1
f95747d4b9c11db59104413fcfd9a0744afc06a5

SHA256
f1f9decec8c5599529bab6bbf192608fee42e64af4cf8dc44f4fcbcbfe8669a7

SHA512
3375e8e886be170114ba91f96fc9d95af35a7f663203b926048a0907ab8eeabbbf037788e41f707e91d5bd9eb3eaeb90ff927294dec3bc3ba69bf1c2883fa11e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\AlternateServices.bin

Filesize
13KB

MD5
53f51ff8410e5a17fab0a723222e1a73

SHA1
5a7816b30aa001bd5ffda0c65cb368e7822cf5dc

SHA256
9476a12c2949ac761040049d8572029b465ca650178089dc56539a1d2b2ceb51

SHA512
c93be2132bb3aff739b5c7726cf1d35eafddadffc9c2dcfdbabd50b01a060cc5c47f9103bbe9045b3d3a7df8a9a8c4ae64b21de9e772c4407a85ffb2dc399c6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\AlternateServices.bin

Filesize
18KB

MD5
b9a5e0ec5a38856f520ef8b2fb420f38

SHA1
b65bec68c2aec6b07275aefb7251085a7a2c5126

SHA256
ce18d3bc941647157565a56f823e5026467b7ee13d89853ef6b7603c030c8e59

SHA512
304822b57a4bb73af6f0b0ff009b42a46ea4e9704cc1ea2c454c850659aa27f0a5b300fc1dd8f579f38a2e449384ac94ac5aae241de66b1a2c6b8a1d010e5694

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
59c826e325b52b7de7fe41515c94e449

SHA1
7c3cfbdc5f7276fd1c7594f115796f9a580ebd75

SHA256
b1764d471d8688b66c5ff2bbe3a152354c3ac21492cf2def1d0a7c93cf3d53b9

SHA512
3474021fffb50888f56de961cb749875dac0986c0b51e74961a7bc36492bcd3b282b97918f69689d919f05689e203b0eef7ed413d8f71785d9c586bbe7a8f990

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cert9.db

Filesize
224KB

MD5
c39ec7cb5ede70fe2900b7fffd227637

SHA1
9aa2898fe9150b255557c951e9850c2f4c70ddb0

SHA256
9b42e9ae9a570b1f8977cc0b0ccc899b0b0a8769884ba57a9acb07b3d856cb9a

SHA512
21c4ef6bdd20bae0210268c3455d3c0ecdc9c3e391fd16035d0c98706cd98b7779a6cad2b262192c7c3d41a18482ba445100109e6520c8c19a4a4eda5faa9150

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.bin

Filesize
45KB

MD5
ef850411d5937b99cb97d7614e8e375e

SHA1
b392332d6d528dbc8ea0f69db06505d906f9be68

SHA256
5cae9d1a4be9b66adf889836015c111f560603155d3bf0b876ff12d7ba6a3f29

SHA512
cb09afeae4cc390be3b9fda39baa67cea1e3d9f26066cd03a8cec1a56fd86f73b7507168e0a662272cec09f147530923141d36e9bbd7d4fe2fb159aace4a0d09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
36KB

MD5
0e99de9249b4b1f1b72a96ec1439cb67

SHA1
074a4e690b42760e4a3f7a23ffc71aa466daffa4

SHA256
b03b3f7da1ad8da590394ad3642988732549439f6ee012524962feeb11f87869

SHA512
790292313af21948c9d36076a6ee356b393953666a8d12f15f6ab9a81465b5929253f6209b9087b09718139d4a43a6826cc9b84ad96e1deb4f98c043a3245e69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
8f447b07f94ae11027e57053c818f9fa

SHA1
501d8f1b90ba502f8f9dc7e3495464025beac36b

SHA256
f133723c1a7dc4ea1c8d4eaaa1593c48e231c5105c44275f7700953add99e4d9

SHA512
213a05d0d9bb3b6fb89b0cae1cdd6470468e040f94744156c678bf946b869fe99807ae6f6c53a720eeef3ef91d1c9119aaba91db3042a42f3c465b123dff1c46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
44KB

MD5
e6bc0ccd241542a2e2ee02e031034edb

SHA1
c33815d332aca76e53dca64900f2416ee4c2f3df

SHA256
591dd086080fae3d4d5ace6e9f0bbedef350b00e19ac404f09c487f76d9e1cfe

SHA512
7ad8d2fb0c4234ef816c528a84cb49b44560ff6ad034de35b6019fe27d6a725331a502666a11faa4dead9297171247c44f9bf3deb88295dc3c7725cc88181728

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
073407bb2ab67e7f2d73ee76c1b4be32

SHA1
da141936d5af2a1ecc7338142115cbdf9409e0bf

SHA256
8bbf8fc117b597e2aa42275499c420c59e8d386f29ad3d681ee60c46680d71d3

SHA512
4d4c01a13476beb60809d39eed434d0425989daa2d6e3584c2dbe40c70d73f108e58da1dfbb7fc1fcc12a1f22b742de89fedbb76ea5d1f92ba22a8499a7ce946

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
44KB

MD5
a0dc86a9be12e8a2a5963944edf8d778

SHA1
1dd7bbc290f7e6f6b9e640b4b8632c1b5e7054d0

SHA256
6e9b9fd4170cd26c9a47c03acf772f5fe17c857637c1d42f54f7f9b72bca76e0

SHA512
3f7dfedab59dcf5657f8b901aba7a9717ebbc76692972e593841e5337be5f4331251a39b46bf18686bb29d0e38708246ec2fa3882ff6a57b5cd68d6657918098

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
44KB

MD5
1cd38f6b79a92021e2eeb0969ae7099f

SHA1
0fc6b86fd541152dc73437bbfb0047200fc5ae3c

SHA256
fbb5b052f40b4e07f5532f2e2f0bdb86fceb1336127dba7a130d8053dbabaad8

SHA512
fba9024baf4b6f3eb4c3675980d20775f6946063700c37eb36fc573d77c2c809d3f9c84fd53609550bad283b90ac305fc9bfcaf649581e23653f55d8ac9c7c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
63f985795fb800cecb7ad2a4502d4cb8

SHA1
6e85e3bb14012c5940132f83478078ee037c1aa9

SHA256
c5173dabc7c7b7573973c6e3e6666b5d68abeb8c849fc93e37169522d9426d2d

SHA512
cc4fbd0d9bf9ced211ec7b17e1296c535bc3a5b7a9db1a1e115ed4c55a7464258db26de7ad8ce15626a16312ace96e3d7402c3ca1eb93b75f6dd3e6b047270c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\events\events

Filesize
847B

MD5
ab6ad9eeebbd8a9b9893276276ecd4de

SHA1
4ba019e646b7b53e25a39f4edf487282d76a502d

SHA256
8c028992f55a6380ec79ef1d8399878a01dc79aa93a1ba1c7e0ab643a113824a

SHA512
1d0681ba7cafd381c193e8fcd86c3af081f3d8a7c3487d9196773386ad938240b989f417b0a8c7d77df46dba18c700f6f56776bf18055c6ead5bbc30923c1855

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\events\pageload

Filesize
374B

MD5
20b401d19cddaa85b5e0d1fbe899e6b1

SHA1
05758341f2c0be29f4af131bdd8854161038b944

SHA256
3bf5591e2ffbec6ca24263530cfff6e9aa6895c80fbb1e13b1b4e5b00fbdc8d0

SHA512
351256dcc3157cc75d3bf3cca0f49bb89460701a19abbf0ded1983a20a41a7e2577df08ca63c8629a7081dc98606797b77cf146d689b0edcdeb7799179580350

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\6484a0bd-90c1-4cac-88c2-3881b897cc6e

Filesize
5KB

MD5
dfc34fb85aa061d97babc6c7976bbe96

SHA1
8485be78b656b66af4f5e5689071a2d9a68782e8

SHA256
a1578a294fda5075d3c033ddc95ef3c5512dec7130fb3992b397064a98f258d2

SHA512
8c4b9329030c765b9727b43084205ec3b5b75f1e59634e82414aec330169c461a1c5f54e1e524798d8b31272893806aab73e0d54b9872ba789ed209fb2e02f2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\79a56144-2e2e-40a4-b1dd-c2863f1f5db7

Filesize
763B

MD5
338d8f5ea80bde884a0ea4cb30b6a7b7

SHA1
5ca5196fc7a345781c3ed459b29fb4938ba68650

SHA256
6e69f9738b39900726e39483811fe884f19a0b8057090814a7a4b3d254825354

SHA512
a4b477b68d262e265db5859e68d60bd96e221c82082cdd76140ec70b434ff6b69825d6496e209ec0ae04fc5f547ae4e7fbdbbecbf8c62e9533209ce2b424e45d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\a1a6a702-d74f-42bf-b21f-370b7723379b

Filesize
982B

MD5
06b988b2776039b92a99b7ec01dd5e29

SHA1
535c2693730e2db2d4029538cdddeb5e426c6ae8

SHA256
e907dbd05df72557f4991bcea1bccd9dfd7390ec595b5f2b8589034aba254940

SHA512
55cb21ec05fd2045705f59a2bbf2b7d8f6b707beb4e8b5e3d72ba6666491091b7463062924d8863d6ae9ecc10823daacf9c7ef73b4a0bba1770a11a2d87d7928

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\a9dc9bc2-4f4f-48c4-b71f-9c10aa8c5827

Filesize
734B

MD5
8ac650716cfb45f4772d16c99bf6fb4f

SHA1
b9165232489f0f878bd4feebcc4e0bb51f38282f

SHA256
ac24987b3e3327bd524e1951748d73591bc3b49399c3f0f07e2747fd8021ac38

SHA512
5ff5546ad473f849729539c93c02768b112d7048375122e78c679274d643f8588076358d297451eb9960de364e829a75409a9cc65b067d97701d5c80fcbed9c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\e176cdec-670f-4b0b-a3e7-cbefe44d9aac

Filesize
659B

MD5
8406280b54f6499416e6f510744e7735

SHA1
159f847ed6bd6949e135f15ed5ccbf29c1c8cdca

SHA256
8cd34de0efe933051efa4b7c098f2c0cd4fa9dc84398ae870947c588d9fbb194

SHA512
7f0b477b691188a778c966367c3eab3ac3585bbc766703d9746fa8074c02a44d43de8c8cd2c1fe14bc6fc377058723c9e4145c1053a3ecd840585acbbd132c39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\e3b1049d-34ed-4120-ab17-0d580dd13502

Filesize
1KB

MD5
d8bac8fd6fb4488ca423b477d6656b92

SHA1
f0cc40f60fa2c6a2881bce22ba345aa2de6e0928

SHA256
0bebaaae45f0622dc4f7d6548afac9ec28913481d68062cd231e35bbe090e8d8

SHA512
090fb580a6d1dd92aa89e78c9d09b0238a4df87b15044c9ff35ceaaac981c6213f15102da695518697b94f833554f86499eda632975c8b44a111b148281ad486

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\extensions.json

Filesize
37KB

MD5
6d74236fbd6c7d5606b3ccc5a1b135ed

SHA1
60edf144a1a7bbee82c968042d129a5582e16005

SHA256
f2e546d5d6f4d2d013368c5713a943bc29c4e20cfdd43192d12e1399bcf17de3

SHA512
8d891c4cbfbe8b2d0d97fda123c38daa71c94d9503ebfb98d24f17aff78ae5183c2b735ad59684f1fbe8a6f2893a17706313f0ffde2990b2ca654ed78307f404

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\favicons.sqlite

Filesize
5.0MB

MD5
96bc5d90254bd27e4f6ea52f0fde1b29

SHA1
47e46af4cd3a6ad62a2558e19886f92e12b3b9d8

SHA256
2312f43d0130f72b6d620c98c4ede8a8094bb6ecc1f8024d6a6b96a23227d706

SHA512
2473795bf9a23b521827737c1244db4dbc0fb4ac9d306cbe091d9e8ed95f76a9c7882c0f3ca60026a2bd8f7f659641ff51f688ebfe34b33fba0c9a0d4ba51ee9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\places.sqlite

Filesize
5.0MB

MD5
7f9e57359db0bbf274e3f1d78a33f8cb

SHA1
7fe5a6ef14f722576e393b52be59a2d1c7764f20

SHA256
bb8b19aca05b13ec573ee142ef193ca796a9f4922fd0604e89d4c9a5a353d295

SHA512
5f4ec279347376947e6721bc698c76310d79796a67700e6d152422079a5975cdffe4a500a395544e912eaa4733a7a01c7432a571f127db1a80bdb8d800dae059

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\prefs-1.js

Filesize
12KB

MD5
ff1f7ec3cdcbb507a791ce3de39fda9b

SHA1
90d3024f6525173da7425a25f85950f52ffbbe57

SHA256
696576165c145fd1a27dcc19631b1b3028de3fbf5adb1ddbd7fe4fa63cc1dcda

SHA512
8c3efc86438043b5d5cffc51cbfa3d5f26af30ea4f58c32b94815fe474132eac47c80e482143a0872c880bad0de6d1236fb412998f08475023f8757a47e59c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\prefs-1.js

Filesize
11KB

MD5
84249feeedb34ecbae9ec35d3f0b4738

SHA1
cd50829eb86514584d08149934932de76da48024

SHA256
04ed465023f2a6f3507473c09fb033ccb2dd15d937314f61ae5c7065d098916a

SHA512
35ee00f0eb29858a0c8a1c6e3525a82da3828aa7b687afc767ed01f32ab503f4e0383091c7f4822553bfc8abe8e9b3fa6dc7d687964241d9428030e397bdeb5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\prefs-1.js

Filesize
12KB

MD5
98ab37f8f4f0bf940b4254831f6a4507

SHA1
2957c3c12ee4897296b1145f64e27049bf5ef699

SHA256
4255c3e9c3169f5367e2f52a3e4210e7b5ec2ee586eecbaf230aa97a8a23f5fb

SHA512
edd2ec574088d835496b55901263cb296c4ba2f7996adc55227e16564c5fa720458e11eb2d6dac3b284ea77a9a2d0ffb9b99651f71a0635d2464210801457948

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\prefs.js

Filesize
10KB

MD5
492be699d8894d45e8feadfcf30c0449

SHA1
8f404cb4657a820dc3ca54831e914cf736cc26a5

SHA256
b5f9eb3b8548c567335c1eb99616af0787c7385cdf79112150de2c5c4f52a2eb

SHA512
7a1aab53c5d105e6d29ea8cd4b325001c2fabedc7616348b1e241e830643e3e7d4eebe56fdb407b4340af239edfb31fa3c027e6046f5535efd2e834b2e37ed86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\prefs.js

Filesize
11KB

MD5
98f30a45cdc81a007b20fcad2d8a1a19

SHA1
4e7122ab783bbbfa57a033a32a6d617e202f5898

SHA256
c1452a2692cc548b615772c4a87a1187c28bb46d40ffeeba76695fbc712b17b2

SHA512
8657b566cde18fa1069d4e3219d51622b6c119be84dbaebdb36e5bddb08c938db77f9f2a9af3c973a7449beaddff400e049e4b3cdcd6a1a702fa78b75fe7e4ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\prefs.js

Filesize
12KB

MD5
11af6b56851a9f6d1bf4617f67732bbd

SHA1
1712720d0b2b29463085522274917226a541f795

SHA256
0a8a70a4e60e2e0ebd46206844af3f6b7685ba8e656af8a062815674e79fd3c9

SHA512
ccf54d6b1f9555ce3770967565b16d5154c0e4cede19b75a8d91d51150e93b3261fc8d752dd13e67ad0e50b5707aaf690aed22c82a2cbfe00e1d62bfe32b3546

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
4438207df6d469bae1464343a9a202f4

SHA1
ec28dc08d33f7a2031f544711a9863b0fdf2056c

SHA256
5764c469f400d7e6dbb9026bde96544b3f193e1a41d7993ac0bd6a6fdb2c2f7a

SHA512
19be9b9c1bb6e143bd00a79a5a74f083c2f2ce68be5daeecaf085cd6ff86d4d47fe36db70e1b54eed8d6c1a75cf8d4e596b56609c61b382af499ddb3ffca7022

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
d92559a98373b5a8f7dc0fe09a919d44

SHA1
8c79d141a6061d773f6dd6264449041adb26f76c

SHA256
69bab00d5b5f40e6207d320162a325ac75e0f3df08ca7f5a7afdf7f5dfceca5d

SHA512
2a52ccc226648b3cb1165f8747d629a2a98f0224808f8bd5eca288b83766a5c41f32aea0483bb0668f0b9b43a00a7e40f3716b231a1a881885697cab5b5faed1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
f3c5018814e1de952359aa7804129cf5

SHA1
5df01416171ec6b24af02a203a0ac015753b4887

SHA256
9c96048896d3ffa7b83d376a2bd1fb99fa053e815bf48a3a5fca8ac0aea10864

SHA512
e330b70ab54b678bbb4871077042c97b371fb758c422cdf3b51c2d0a326c2f5be96f179a263cfd352de2b24ad2198636e7c8e3716202a5b321a150f370523402

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore.jsonlz4

Filesize
2KB

MD5
2a1e5d034c944cabaa0e74992da128a4

SHA1
f23c8a752ec2188804f148333296d941ca6b7a56

SHA256
6991a34ecc9de397891c8d1a8e9df2c9d01ea7ced572b1cb65c4e714cb564197

SHA512
e4de42134efc300ba84092312f90f380232dca464d63c091c65c7907be3a8adcdd5dd3c86e9565429da3c16fc2f4f624649a3924c5a0dc07f39768c3c35e5e16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage.sqlite

Filesize
4KB

MD5
23605e20ec7b9c605b210ac3996e7a62

SHA1
e01d89d33f05c4e7ef9eb63d1487b297b420ac86

SHA256
1387ad3f14749464f83e64bff542db5bdb73d1ec9a6556bbf3041d943a7e3003

SHA512
63f6a0102efd24da5fd50b0fc6ff00da33baf2cf3cd2fb1596e6293aaf551ec41b2ddda9b868f606c3c7269132e282d06d3c815b75d71ed9c2e46354ce588450

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
3e7bda41742afc1898412590e2b22178

SHA1
3ab30ea114edb7fca8746984921bee60bebb9333

SHA256
fd32cf179a83443dc76cc4a5a2157cecf592ffe0c97baea4870d059e55142132

SHA512
e178b546489918e22d8d4c786476545c3449536b2b09c6a30e7863cdfbe60c707e007ab663c7744e79a69817e67a768c314adee8f6bc466d717dcdac8c758cd5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
568KB

MD5
2f9e1a139978c36f9715fbda7d95389d

SHA1
fb606b985f60ca9ddae1348b5fb26e0909524ecb

SHA256
aa73307ee5c9a10a2df5130e0375fb0a3b3c8528cbac311f59d92f5ed201b393

SHA512
3739da05cd3d928de4db7e7108fa0d972900b03458ca5b8b67737c7a4c7da7b9778bf06b56c25aaed7726e545d7fd743d69661dd03246eade9c26512f086badf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\xulstore.json

Filesize
217B

MD5
3c7edbdeecdb47fba617e3d03c36b0d3

SHA1
53628ce8c5170810fabafab8e001bfd971d47825

SHA256
c3db6f2519b071b7441022f9ed508b0da5ba40295be0ee449a27bd6146595d04

SHA512
bbf56ea374114173f7de198cd71ac6e75276b0f30926c6690db512f45ac2e54d099d990c285578f702696494d2884d8550e5dddadeee01077933034ac3817842

Download Submit