Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://staemcommunnutty.com/gift/activation=Dor5Fhnm2w was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-08 23:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-08 23:56
Reported
2024-11-08 23:59
Platform
win10ltsc2021-20241023-en
Max time kernel
121s
Max time network
139s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://staemcommunnutty.com/gift/activation=Dor5Fhnm2w"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://staemcommunnutty.com/gift/activation=Dor5Fhnm2w
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1920 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f34573e5-f87a-4e8c-af95-62385448c8b2} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2432 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2416 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86ee4f55-07c6-4b4c-867e-3abd1d58c1dd} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3304 -childID 1 -isForBrowser -prefsHandle 3396 -prefMapHandle 3344 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afcdb3bf-6364-43f4-9817-68b78c48b9a8} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3568 -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e626449b-7058-410a-9f4e-31f8de89683d} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4656 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4676 -prefMapHandle 4672 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b9aed2b-f95f-49ff-b1b7-0cd0db8c1692} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 3 -isForBrowser -prefsHandle 5248 -prefMapHandle 5228 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebfe89b9-084d-4cb1-9e98-ee871ceb06af} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 4 -isForBrowser -prefsHandle 5524 -prefMapHandle 5528 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a28f1d3-6276-43cd-967b-95318bc3ee93} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5804 -childID 5 -isForBrowser -prefsHandle 5724 -prefMapHandle 5732 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d01d94c-df7f-495d-b5e2-44dfa6a1ba2a} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6264 -childID 6 -isForBrowser -prefsHandle 6368 -prefMapHandle 6400 -prefsLen 29358 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {acdd04c7-0ee7-4e92-a051-bf06e13e51a4} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4560 -childID 7 -isForBrowser -prefsHandle 6272 -prefMapHandle 6380 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccfb7b31-d678-4631-9fbd-4dcab3671311} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| N/A | 127.0.0.1:49782 | tcp | |
| US | 8.8.8.8:53 | staemcommunnutty.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| DE | 147.45.47.205:443 | staemcommunnutty.com | tcp |
| DE | 147.45.47.205:443 | staemcommunnutty.com | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | staemcommunnutty.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | staemcommunnutty.com | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.234.200.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| DE | 147.45.47.205:443 | staemcommunnutty.com | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:49789 | tcp | |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| DE | 147.45.47.205:443 | staemcommunnutty.com | tcp |
| DE | 147.45.47.205:443 | staemcommunnutty.com | tcp |
| DE | 147.45.47.205:443 | staemcommunnutty.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| DE | 147.45.47.205:443 | staemcommunnutty.com | tcp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| DE | 23.55.161.185:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-aigl6ned.gvt1.com | udp |
| GB | 173.194.183.71:443 | r2---sn-aigl6ned.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-aigl6ned.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-aigl6ned.gvt1.com | udp |
| GB | 173.194.183.71:443 | r2.sn-aigl6ned.gvt1.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.161.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.183.194.173.in-addr.arpa | udp |
| DE | 147.45.47.205:443 | staemcommunnutty.com | tcp |
| DE | 147.45.47.205:443 | staemcommunnutty.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| DE | 147.45.47.205:443 | staemcommunnutty.com | tcp |
| DE | 147.45.47.205:443 | staemcommunnutty.com | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\8b727f8c-a106-4ced-8881-8cc1a7ebb4eb
| MD5 | c535597c4975ba1659cdbee3b11f71d0 |
| SHA1 | ad74c4e13ae23b614462c5eaa6aa976a2ecbfaaa |
| SHA256 | e28b0fda48a099042dca6ad15ba2c93835967f6fb8c6f314f539ab9b7540d1eb |
| SHA512 | 24b64c4b8b07c08056376f1797f6e9458d7e427d80d864b0f4c836a877817eb0b5d99e2f4ffbc1c9c75ca2a1701dd25c0d4f8bec9e72eb1cb174ac620d1f9781 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\4343087f-0142-42b0-9d7b-86f00a23de97
| MD5 | fbda8aab7f2c8395770bec45e18aa4fb |
| SHA1 | d0966c7240c7a48908adfac3ad53da7ba72af15e |
| SHA256 | e1af0416e069732e8fea01958b37b949160c865e8dd810a829fe891e71e8e9c4 |
| SHA512 | aa8fa365b3b0e14bc0e5af1b64770266fef9ec050c662ca6034b819d9431bc369672219203ee44b474c9ea5c1cd26fb3d45c0539c9fb1f860432ece12746e1be |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\f3eca585-55fc-45b9-ac79-d22585aa62ce
| MD5 | 9d5075cf382d4698b0b1499f9b29a764 |
| SHA1 | 29d3a79fb4511a3a1d997330dcf2801d07a9c6dd |
| SHA256 | 9d0194fe82d15b530676816f3dce865a7fe1803f07b9281e11d8471c8fde152d |
| SHA512 | 88e3f9825d15d3673a5760736c810ebfd1a7f75b45d6cb5d8fd55a0c18ffb791d29a5ff159b0ef9be90315386d72690ea2bbcab35e52953d4a482216ab74c92e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | b29a0bb0796f6899a2f8c995bf0dd014 |
| SHA1 | 00b9199a9665eaa960c9483e59109574c6cf5dac |
| SHA256 | aaf719a63deba78f5ad1bdfd9fea399f48864a65111610552b4c599e39ea261b |
| SHA512 | 4456b090e90c75b02930c28ab01bd6ab8dd2ec24b2033178ac8fa72b58d66b681cc73459dc9d6e442f261b2c8c9d3bf4faa9ce4ba9102077746dae602acc6799 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 075ef61ae74cd46a77ff6807d09cd2cd |
| SHA1 | 2b0e6f3f8e42a94d76953cc572e2278d6a2e5919 |
| SHA256 | 28dc6ed0f621dd68773c5390b666ecf4040da909b9797e675a350d1e4a488fff |
| SHA512 | 1a2ba0d6d0df228d576d03902df79543e096b7be30ca2e8cf7e5a33ca659d24282c5b39aed3fbae5e70f3f0e5dac17d64cff846d2c40892c12d158dec7e162a0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs.js
| MD5 | b9f30ecc77ba982d8656b42ef106c5c9 |
| SHA1 | 5c82fcc9c4e20e5366a0296809a2a54e3085dd1e |
| SHA256 | d5062a07b94e837b0d0b3c925deed359a4db4144618efa9069db60a115ede8b8 |
| SHA512 | ab004e1505f07cd1f5d0728ebea42ef2f0e51ae961ea1208e29d8dd3badda915872c4b27f9f3ff44af27a4c918c35c47a19079d38b9930f0ebe818bc66087623 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs.js
| MD5 | 84b93425e49ae1fd1f3d1be66e865c39 |
| SHA1 | 2de539c5b520759a8cde150c321b031268ae25f5 |
| SHA256 | 4ecdaae93476984b09aa78724ab8458b23e01fe3e1cb98e0e81d16e5e3f67f35 |
| SHA512 | 5ef85869f88147851a06ca1ebc3e9e63445a32fcf4fbfcd39c818b0ccceffcd3668a17f5482a441207b7044cac495027764765f7c7980e47713d4a25d33a5934 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 4bea20fadcb5561c908cff3f2feb7df9 |
| SHA1 | 3dfa68f6148541943c81d8e2ed4c8dd6746c672c |
| SHA256 | c0f05860904f7a062e71b7777c080fa3f005a7d400f669f09ffa7e24fa82b4ca |
| SHA512 | 43b037ee8a284ee93c7f0be377fc626063ec4a2cee3709049edeae696475dd924316bc2588871bb2248c397f2dcffad4c4acfa5bb8af965cbc85a591b096b07d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs-1.js
| MD5 | 88a5562097caecb9dd70818a06a8c045 |
| SHA1 | ea6622c89e33916c9130e0670ca2067f47bed4b1 |
| SHA256 | 6fdd4cb4a16f79c2912e1cf117edf073ff63c85904e6ca2fc13bc6c18c797c4e |
| SHA512 | b24e89509bbd767b66b1a5fe6b18ca330eac3139c31d0d2792e69ca19d9e8b74ce090631f7860b683587a631beec1a356f11d575e088558dede43c0bc8bd2301 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\AlternateServices.bin
| MD5 | 1f49d7e641ad8da25d5d3e6c995ac38d |
| SHA1 | 10b52a37d578bc657f03b9d93278729336eff987 |
| SHA256 | ed2c115121efd1888e014b8e9b36040ebf18b7469b1b5dcddb65613553cb06c0 |
| SHA512 | 129c77ac8e8396e9512a8e3b2238b34a70198e69dbf3680db2794d21e267f2ad37840c908e3701cfea25016f261b432f5f8af2a27b1dcfc4a5737fcb6c741da0 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 38a3f69a8042e51e7d129cd5665fcf79 |
| SHA1 | 99791b54b0d7853eca7e1abfdf0307a40d72f0f7 |
| SHA256 | 3a675d41fc509c75d5f03d8c2bae4d87ebc04dda90005bd256ff296deb8b4040 |
| SHA512 | b7300f323b5fa7e7ee2e0d4eeaf00ee3dd27574fbd3e3fba9a74305f5a6b9c1aa6070a88b652a001902778c18d4bfbd9f19868d868f62d61f2496caa7009f832 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 85175c629ed918f5007bc3c30205b7fe |
| SHA1 | 2240cf3d47b02b75a200ab0813cc302475dfbc60 |
| SHA256 | 810266f29d1c0c387b2b537125240a119d80ccae2e33188bcbdecd0aa0dd3f11 |
| SHA512 | fdb4cfd2bef14a7d84795f12459af35ce572128a4b01b8cfd3325aa0b44cb5a99a62f680b93ca3b1caff5c52dac9c430a3052a06d61ffd7e001bd7c38c545333 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | d64c467e651a8014574a29c4b6180c3f |
| SHA1 | f2a5c56c54d416e67496d4257ff7e0c36fbf9e9b |
| SHA256 | 17554c5d6eef0df6487f817e34243d10dac6a1019147936dd7e316bc6a958a48 |
| SHA512 | 43b057d9a9f8637c4ab182b47a08ddcde1bd7fa851b6075d56aa6969ea381ec5d45e036bece2ac244c068b1e0c6fd2009cae7eb8d51516c04077443392b3d294 |