hxxp://stackoverflowjobs[.]com

Resubmissions

21/11/2024, 04:08

241121-eqraysyaqb 1

21/11/2024, 02:34

241121-c2lhqsyenp 1

Analysis

max time kernel
36s
max time network
45s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21/11/2024, 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://stackoverflowjobs.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1404	firefox.exe
Token: SeDebugPrivilege	1404	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe
1404	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1404	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 1404	1476	firefox.exe	79
PID 1476 wrote to memory of 1404	1476	firefox.exe	79
PID 1476 wrote to memory of 1404	1476	firefox.exe	79
PID 1476 wrote to memory of 1404	1476	firefox.exe	79
PID 1476 wrote to memory of 1404	1476	firefox.exe	79
PID 1476 wrote to memory of 1404	1476	firefox.exe	79
PID 1476 wrote to memory of 1404	1476	firefox.exe	79
PID 1476 wrote to memory of 1404	1476	firefox.exe	79
PID 1476 wrote to memory of 1404	1476	firefox.exe	79
PID 1476 wrote to memory of 1404	1476	firefox.exe	79
PID 1476 wrote to memory of 1404	1476	firefox.exe	79
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3128	1404	firefox.exe	80
PID 1404 wrote to memory of 3656	1404	firefox.exe	81
PID 1404 wrote to memory of 3656	1404	firefox.exe	81
PID 1404 wrote to memory of 3656	1404	firefox.exe	81
PID 1404 wrote to memory of 3656	1404	firefox.exe	81
PID 1404 wrote to memory of 3656	1404	firefox.exe	81
PID 1404 wrote to memory of 3656	1404	firefox.exe	81
PID 1404 wrote to memory of 3656	1404	firefox.exe	81
PID 1404 wrote to memory of 3656	1404	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://stackoverflowjobs.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://stackoverflowjobs.com
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d1fd970-0749-4e13-825d-e20b258acb67} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" gpu
    3⤵
    PID:3128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19b0b3b6-466d-445e-81b4-be9c7db471d4} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" socket
    3⤵
    PID:3656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2976 -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3120 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e06a7bc-725a-4595-b321-8a75aa831a58} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" tab
    3⤵
    PID:3900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2768 -childID 2 -isForBrowser -prefsHandle 3468 -prefMapHandle 3596 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ddc6614-d6b8-439f-be13-ccb6d7de3033} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" tab
    3⤵
    PID:528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4820 -prefMapHandle 4816 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51d888dc-2b39-4d4c-8b2a-425a6081ec06} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" utility
    3⤵
    - Checks processor information in registry
    PID:3224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 3 -isForBrowser -prefsHandle 5284 -prefMapHandle 5280 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be8e5d9b-33a1-4dd8-be7c-d1592eeadc02} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" tab
    3⤵
    PID:1256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3048 -childID 4 -isForBrowser -prefsHandle 3096 -prefMapHandle 2972 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a37b5a1-c835-40cd-90b9-03620c02387f} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" tab
    3⤵
    PID:5084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3112 -childID 5 -isForBrowser -prefsHandle 5748 -prefMapHandle 5744 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecc96b0d-2265-4328-9ffb-2e33b3e01c1e} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" tab
    3⤵
    PID:1332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5876 -childID 6 -isForBrowser -prefsHandle 5884 -prefMapHandle 5888 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eb670a3-32e9-4e43-a163-b4dac2d49844} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" tab
    3⤵
    PID:2016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6104 -childID 7 -isForBrowser -prefsHandle 5948 -prefMapHandle 5952 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45b57d51-3879-42b2-9dc7-c02a19d6082d} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" tab
    3⤵
    PID:3116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 8 -isForBrowser -prefsHandle 5308 -prefMapHandle 5448 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f58cf321-2336-4eb6-a98c-fbf9d821cd01} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" tab
    3⤵
    PID:3920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3608 -childID 9 -isForBrowser -prefsHandle 5340 -prefMapHandle 5316 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05dbfce4-b44b-481f-957e-5a335c698009} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" tab
    3⤵
    PID:3876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4592 -childID 10 -isForBrowser -prefsHandle 3004 -prefMapHandle 6140 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccefe3b1-4657-4d0b-b054-19e1ee70a77e} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" tab
    3⤵
    PID:2040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1272 -parentBuildID 20240401114208 -prefsHandle 6140 -prefMapHandle 5348 -prefsLen 29276 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e101b6d-f5a1-4e20-a96c-ae0f64832f73} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" rdd
    3⤵
    PID:4668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6608 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6548 -prefMapHandle 3004 -prefsLen 29276 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69010e2e-fe12-4caa-9c2c-591d154a0748} 1404 "\\.\pipe\gecko-crash-server-pipe.1404" utility
    3⤵
    - Checks processor information in registry
    PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
5ed3332f819d6a3d220fd5e27ecd6662

SHA1
6a4816722ed2bbef60b65c9d836f57fc736766bb

SHA256
a9d1ce3c3faa024502a82fed9e19b4d218ceaaac78affe3529f0b903536138aa

SHA512
2a329d0b50ca799ec3883f0311433460508f1f9f6885996df97f7a3461f78e8cdab22a6f76b5af145d3526f35ca7f615913717fb3e42b3d5d2af7d4072a0fe74

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\5D32748C90070A9686D35D014EEA9BBF799CF5BC

Filesize
49KB

MD5
5f37427af599e35b9029b27d4a341837

SHA1
5ccac997cc37628cb0019bc553c83936353c944a

SHA256
72f75685698731ac58a9128fed6907ea099de039d3dd10fe0848dc0120e88223

SHA512
a6e067e41d14b05e8a722b5141ab6cf53c03cc72d5c93a1fe076f2eaeebc4b6837c2a7286b3ae4508550b23905a1c42b3016b6acc28da6e827d82ab72b588d85

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\thumbnails\8f5de0300799dbf7357d9c98ee5aa458.png.tmp

Filesize
13KB

MD5
2a7daa838816877dbb8989048088b18a

SHA1
1150e933a132d210f3114b12629ddbd54e830ba7

SHA256
15111e1af3a5a901b0eb95b9d51080b4655fac103777a4b591a5559f8a530c6c

SHA512
823d3471dd71e732b22b2a6b0466350dc29d6e3daac6f9dda56fa77471d0d136c871fe5e9b26f0e42cff349ca74612e659c1af1387bdb94fd9e8dab7cf7c3055

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
6KB

MD5
b1f6e6386f25bab56bfe5b00827abb09

SHA1
ab0d683ee46eade50f41b6353e8ff25cb9545e69

SHA256
c850f467891850f19df5a4f2ba1bb14136ee5e345f5cd083e678bf0dd50e1b69

SHA512
bcae72b61746c61334521540a5cb378774eebf72b1d9e2506521107a79d21aeead7d96179ab3d75be8fcc0ed2e823924db26b36308c6d406e192a800620dd460

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
7KB

MD5
ac4dd35dda84975467976da6486096b1

SHA1
8a3b58a07d9e9b033eb1b1b9c68559228ddd62f4

SHA256
a393e01146c7ffa76c8b9e9eb7f8fb40f82f2726697d469849e70a6861660544

SHA512
1da80d392200f19fe486947f0cf74d7dfaaf0a6e6926af853b528e90d5832c0cb6ff1cff8f389651e852afb3bc21baeaa7acb82cc32fbeddb3f3de8da1da1655

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
17KB

MD5
06d13a85f367b63b0df6efa361fac56c

SHA1
ab08cf4f6d4a3fd729f47d7285c953ad7974301f

SHA256
4fff3556bf29551579ac51155f7ead55cb4cb965be4b93dcc6d0b6c79c0c68c2

SHA512
5744f490bcae09a9dffe6abd9d1d39338a64be50bcb4d3254804bab9a16613f139933a218bd8231353381c83a26685bd197f5475dee1e9bad224299845bb6880

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
10565d91b9180c3a5c21e3ba63543c2b

SHA1
53fa0242162bbb497a61b95d681d8ed3cca86053

SHA256
4e971e6a7065116bcc5a2774a486e13514169fd93ed6149f9a33cfbcdb868494

SHA512
00fd22c74d86328a250df08cc68b95b950c7e586302702e905c5311f57f3fc25e5ec5bb20723008f35ebcc5c0cd3a6a9b80f3a7d30345eb947d136d9bcdfb2b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
7162716b60d47d9a18a0e76a2bd0465c

SHA1
22f114dc9832b82580978a81bdcff80d841f586b

SHA256
efa6b6231b1ba84c5a6603ff70ef8c870dd2d5a55e89bc9497dea05969ba2d65

SHA512
ed3044ad06f155f9c00c35c4ba95bd1d0f41209de2a3c454c5fad000b32a0ba68567cf5d0a163ce924c9a68878fd82d59ee0250f540f541e98898d115e0defc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\071c2453-4094-417c-9ccb-80dd410a04c0

Filesize
671B

MD5
ee3a8ea69ea5a0bd66b3f42d45c8b98b

SHA1
d6007d46ad43a64135d626e3b39e2f010d39a601

SHA256
6c3ec00dc26a9b85367af0c0fa3aecad0876c28ae4c234981d8744ae203e8042

SHA512
5835c3a1230850f18f254f5c61edcd49e7f33fce53f89e01e31c6351a700d4075e7cbb494ff752cc3bda96d162e8b5033bcddb9c74dee1022f1bf2855a0eda38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\096c2ec5-ac32-4d7f-ba2d-7cdfe45efefc

Filesize
24KB

MD5
4bfe2f99cfbff1ef12ba749d9a3fc928

SHA1
22e9963a28dca46d531e69e4f02d299e6cc114d1

SHA256
29366b34d2f809003f669fa25eb12eee9bc106912dc0d4d053b972996086df55

SHA512
4e792481985ed2bcbcc5ac5fd682b173076cedff63f4158d8d8d93c1ff1b97cc66da7ee9f11daa71bad97fd9c0712a0ed5fdafc4606ba805314bd4bc397c17d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\7dd03922-14ed-4d90-9f45-5d143f4ce37e

Filesize
982B

MD5
54c7091bb3f4c28e731665ed9cd05c27

SHA1
d15801e29a7e627b9f35d5b28af2be62995b08be

SHA256
32f9ec3d0842b8d17c9743406d01f7b62833d8f47578f56debe0b5624efeba3a

SHA512
9ad1aa693c51a8cda180bfdaa2149c8102501b7c76bf1c52e4717e475d4030081838c926a685b78719e4d89b700fa9216bcb7b5375be1cd6cf9b7a1306ce280b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js

Filesize
10KB

MD5
2afd78db3d39eaf5adf322aef82b98e8

SHA1
aa604517148535523c62107758cbb2432ba9ac86

SHA256
58e1a3528b8ba0a9f7956966d0c33992c25ba0cbf33b4ada46707c4240063d90

SHA512
0c6c95b69ef544291d7b373ccb211e0495ab04a2d27b7661cde7014a1b79cdd59df6a7f352a81ad40c36fbb0a8d6ddb88925fa1ee294233615c4cba6e4973c5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js

Filesize
10KB

MD5
416f49fcf3155322e18ba59219dde4e8

SHA1
1e61c21a381cd7c62ce8b58109e47a4fe5e8ff0b

SHA256
453502a792461d3b8fae6c7d2e10b6074f2e733ca31d43c3f3ff53bb1ec3d72a

SHA512
a20c45a542a1e745f495ea206bb183dc5141853669305fcd665fd0f01a76cb57dffebb29d0d5b8b652db4b752d3623965f7ec94e0cdf45b0bf9bca7ce08a64be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js

Filesize
11KB

MD5
3c8b038f374ad5702d4bbfa87130f6d0

SHA1
02f30f188c1033714cf9f9a824ab45a18b6241e1

SHA256
7abf77c393795f103e6196838d870227e5bda42b743e0d6ae8a114d8da378f33

SHA512
84baa3aa553049785388acc9eb1d460c1009bd516e576d198e031e3bd79d5fb033479eca8d8f515a4b4f98abb46ce41a221ca78bef0cafe051be576f2713af93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
2a2fb6cf8e84f70c3a5a02853284468f

SHA1
f6f59902c5533b5bce2a900ea046e65ae22fdca1

SHA256
17d647aa2726f0747e6756bc7a75e9e1b9851c89c3e9f8de23d4120cb1293c9d

SHA512
2460a1f67929480c39a8f8723419773fd9923da6f36e92c92a790bd7ad853031d893fcd35f6eaa9cfdb4daa0ec15f9d1becccfaf88b6741b7020f3adecf95fe8

Download Submit