a327836c69ae4b830c8abb8169b700d4f830707f8cf756f0a366513bdcb977e7

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28-11-2024 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Renewal_Verify_INV-[Y6V5T4VC]_[O4PTT].html
Size

3KB
MD5

6e10ed6874d3896f34158b88eb1553b7
SHA1

96c013be017f8451b65ad66e3d72e28d7bf157ec
SHA256

a327836c69ae4b830c8abb8169b700d4f830707f8cf756f0a366513bdcb977e7
SHA512

88471b112c76397691a5c8a680f8c2058b24f1f5288b49ae02f59176e8fb3b8c204d97de7fffca66ef4962cc81396985cbc27821c599bf7361219ed26880f095

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3792	firefox.exe
Token: SeDebugPrivilege	3792	firefox.exe
Token: SeDebugPrivilege	3792	firefox.exe
Token: SeDebugPrivilege	3792	firefox.exe
Token: SeDebugPrivilege	3792	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe
3792	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 3792	5048	firefox.exe	78
PID 5048 wrote to memory of 3792	5048	firefox.exe	78
PID 5048 wrote to memory of 3792	5048	firefox.exe	78
PID 5048 wrote to memory of 3792	5048	firefox.exe	78
PID 5048 wrote to memory of 3792	5048	firefox.exe	78
PID 5048 wrote to memory of 3792	5048	firefox.exe	78
PID 5048 wrote to memory of 3792	5048	firefox.exe	78
PID 5048 wrote to memory of 3792	5048	firefox.exe	78
PID 5048 wrote to memory of 3792	5048	firefox.exe	78
PID 5048 wrote to memory of 3792	5048	firefox.exe	78
PID 5048 wrote to memory of 3792	5048	firefox.exe	78
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 4980	3792	firefox.exe	79
PID 3792 wrote to memory of 3632	3792	firefox.exe	80
PID 3792 wrote to memory of 3632	3792	firefox.exe	80
PID 3792 wrote to memory of 3632	3792	firefox.exe	80
PID 3792 wrote to memory of 3632	3792	firefox.exe	80
PID 3792 wrote to memory of 3632	3792	firefox.exe	80
PID 3792 wrote to memory of 3632	3792	firefox.exe	80
PID 3792 wrote to memory of 3632	3792	firefox.exe	80
PID 3792 wrote to memory of 3632	3792	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Renewal_Verify_INV-[Y6V5T4VC]_[O4PTT].html"
1⤵
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Renewal_Verify_INV-[Y6V5T4VC]_[O4PTT].html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1860 -prefMapHandle 1548 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3a09788-c2af-4c34-b5e4-a810df5d98bb} 3792 "\\.\pipe\gecko-crash-server-pipe.3792" gpu
    3⤵
    PID:4980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2372 -parentBuildID 20240401114208 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9128f582-a8ec-4d1a-93d7-f2cea2478d15} 3792 "\\.\pipe\gecko-crash-server-pipe.3792" socket
    3⤵
    PID:3632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2932 -childID 1 -isForBrowser -prefsHandle 2812 -prefMapHandle 3024 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e7a4722-82a0-4a96-9789-ff592008a9b5} 3792 "\\.\pipe\gecko-crash-server-pipe.3792" tab
    3⤵
    PID:2408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3656 -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe0caac7-6ee7-4de5-a748-0c9816f5de2d} 3792 "\\.\pipe\gecko-crash-server-pipe.3792" tab
    3⤵
    PID:4528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4284 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4288 -prefMapHandle 4292 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6d44d51-7b82-40cf-9a33-6019c68309c1} 3792 "\\.\pipe\gecko-crash-server-pipe.3792" utility
    3⤵
    - Checks processor information in registry
    PID:1348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 5256 -prefsLen 26986 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15ea2192-e76f-47a2-9703-844282aa7c13} 3792 "\\.\pipe\gecko-crash-server-pipe.3792" tab
    3⤵
    PID:4308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 4 -isForBrowser -prefsHandle 5728 -prefMapHandle 5712 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53f62430-92d8-4f85-8043-996181030406} 3792 "\\.\pipe\gecko-crash-server-pipe.3792" tab
    3⤵
    PID:788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -childID 5 -isForBrowser -prefsHandle 5876 -prefMapHandle 5880 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c957a2f7-81c4-4014-bd8a-4c28671c56f5} 3792 "\\.\pipe\gecko-crash-server-pipe.3792" tab
    3⤵
    PID:2384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6052 -childID 6 -isForBrowser -prefsHandle 6060 -prefMapHandle 6064 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {707b85b9-ca4f-422a-996c-673bac82df40} 3792 "\\.\pipe\gecko-crash-server-pipe.3792" tab
    3⤵
    PID:1144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6412 -childID 7 -isForBrowser -prefsHandle 6424 -prefMapHandle 6420 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcf80031-5503-42c2-9f85-34014212b358} 3792 "\\.\pipe\gecko-crash-server-pipe.3792" tab
    3⤵
    PID:3564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
6060e551cb0f95fe5e73f34963f6df4b

SHA1
fb6bf28b8f35162096f5bfe7f330475c53ce78cb

SHA256
fbbe97542cf175a58b5db4637cd0d97194045092ad141b1db8ff75f8ad0488f6

SHA512
2d0594190c0ef0aaae237341fc32759b3fff23d90802f342fe7f11f520ced0ded93d010044150e52ce561ec9781dfa91d42a7bf5de345fd2f921d1cc368f1368

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
71091d1bc10a09aa5329a739e6dd40cf

SHA1
ff46c4aeaec69eadeb976c314cbe2681b78927a0

SHA256
a0c9062ca6dfb027131ff17826d05335c2d282b53bfb5c66abb5febfb5498727

SHA512
dd5c4319a11b91a0fec892d2acf96266726a2aab51d3f336603bb56d4a8c69b9f863a78a1bf7bef31fff131eb4cc75f00e068fbb86f101544fdcf6b2af7bb083

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
7b1db61561eeba80b6fe1da4eb5397c0

SHA1
45d13fd13b3777181ca727f4f931fdb4cbe448e5

SHA256
f5351d7d41be5c1bac7c927e6d0678bd59a0088c4316f5144fca01d7aed4471d

SHA512
ac7b23977dddb813f4ff3badb30788dc82d9b0e30a1452cb102b7854cc8b9d7b9b9db5ffdde024b32e2111348d93c7534a12d615f59381cdb60a2ceb05c6ba6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\AlternateServices.bin

Filesize
6KB

MD5
7dd24f21caea6345a707f4f2d64a1fc8

SHA1
602d0c42bf5b27db1fce53d7c30691a33c530956

SHA256
39b6b519c7cd34a30792313898333dc24d7cb38151592896dffb9a78a75124d8

SHA512
689c26a66c0b796a8cba31701a053cf1a2f8965a6e4c9afddfc9e9e0a097255cab3119cc3fc8c230e8d4e706f9add650b88e80ef6f2a405e190cf7befba05a10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5d160af2416c137148af89e55232727e

SHA1
f042d0180785c000554508b0250b3ac59950952a

SHA256
69bf819726472741114dd14069a95ab30dd469f91f21e257fde921dfde1a38e2

SHA512
4ac97eac50ba43650dacb0e9226a6b9ae0d394376311c7c140548f60d809b2112863237bb32b3c2b1ae4763b40f0a9ff0eea6bb85b8a804965c0ba46fda3e267

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0e3b87064ee6dc4f3854a2cce4d1fba0

SHA1
43f7142a2af1aa5d8d81ce67da12aae71babb6a4

SHA256
3877ca50a1e29569879e3a8ebfaf9008702aa07c797d14237cac0784998c786a

SHA512
cc73c7515befb23c009148f0545a29ac398e95a710de3da7476fbaf4d8310ff70bb1885e4d375723aa77230c56ee87cf4a1892237ca374e908a760cba265c60b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
4fc3e6fbb94c319634bb81024a24aa78

SHA1
e4525ba5cb096f98c24c49648d9643fc1e1c90a9

SHA256
44af5d53ffa55b8fefb163d4391418092c72331f30ab9690991b78f6b0b885d2

SHA512
8ab3346d357b56f97822316e4e1c1115bfb078fbe658f37f3416a78eb9a3ab992a30298cc9451ead5f4d688a5aeeaa2cc2e30c0b456c7ece7acec02c8a607819

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
674fa8663a4070b9fa7a9cded9a78dc6

SHA1
1529e6bbb008462cd7a079f2c97921d7d732f1db

SHA256
4a4e6bba964787b807c1d81a0396af4040dac24c779d1560f33511512758b1cf

SHA512
7b94b0143fcc4fb7229d9f33b29cd2dfd75cfeaad0cd61d925a067da629cc6f0f02fba3635731cff7d5a4f9d9cf4a56cb129c1036c5ceb0aace2e426a3621ccf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0dcca4bb8d09a4e771ea349769d4d282

SHA1
4f5d2230e669143fe3de8bc43dbfb9ff13e3cb77

SHA256
1a07d642d5f5ce36942fed8d9fe21e78c17ff5a705ee412bb554788c8c11afc5

SHA512
7b2857b43cbe56e096f6d99fae2d38228c0154eb9f04325f045ce2bb1b1a828b3b0185558ae0e38e6ca7d20c59c1ea80ecd6371b65ee746dbb01f58b836f34de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\4890cb95-eafe-4732-8735-62fff775f491

Filesize
24KB

MD5
ef4e828c8237eaa412674533142c3e7b

SHA1
e58f4c12eba63048f7036688d6888cac9d676a3c

SHA256
54bd865a96bdf83bf30531760ca41e51edacc308b58a2b948cb7f3c26d244e38

SHA512
15666e554b22baf5c4daf8a0f4ac18bf2bbec12100b977dd2259a0d5a379a28494f12a10e17e42cf3b45e10a09e2ace093832d662279d87e3070c90bbf5f014b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\620beb2f-fcf1-4091-a343-5e188b41f261

Filesize
982B

MD5
fb718111a136e7b3becdaabcf95582a9

SHA1
336a4c910f1315ccedb85cc80eb3b11b1b3fe524

SHA256
9853ffce789ff5f1f3debca513fc18fd9644e04898964637a74b72fe07c45fb3

SHA512
2a27af2233bcf1b989ef0c2827bcc6a5a27dde270f85e11f2d4652821c30b221246e325401f79ccc0ac2e1d398fad7372e1796631196f74a15be89b521bf7f08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\b1ae4bef-1da5-4eec-8c0e-cdcb8c3e39dd

Filesize
671B

MD5
27b92a0dba2f36839d86a1c78bb9adfc

SHA1
bb7bfdcd70fa9784275461d380afbd031bdfa5e5

SHA256
a2289807d6b9920198f3d865ffb6331a1c4311bbbf1d5a3c285f142234661de0

SHA512
4e682db30a59479af88c673d25dffc95916669cbd8a6d2e93277120aed0538bd93ebf9956960fb6555cc1ff23226c404129c12b5c854c27ac3710b0385bd6bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs-1.js

Filesize
15KB

MD5
3770cee64239d10a8a34fe5c91294d38

SHA1
4f323a313fcfbd3bc18b33d572124a4aaf2aff2e

SHA256
4f1b044943aa30ae705d0864781e1fac5815561406ddf554f095f31c3926f1a1

SHA512
bb281b88f7c732e8101a606058db96804237b4fab6be8e7eb438e9c0ff9bb9d654ec128aa48b6722af5d1defc95e9b8f13b511606df5d71f3c5769d6e6b6f7a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs-1.js

Filesize
11KB

MD5
8a109d0b91e4860059d0bbb317f58448

SHA1
060b63610935116f280ae272beb6d83c011e8ef8

SHA256
eb9d92f1ede97b744ad8d9f5f471803d5dbbf09b73668e3d7882aaa5e6ff17c5

SHA512
5b9710f5a2d2bfc29e6e1ecfc60f8e6dbc525d988602ad31b700721504675b12309c78b2088e884db184236efeeeaa292c8af36b6f141d87a878371238ff0d65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs.js

Filesize
10KB

MD5
ec1b32492ede5048aa0a066fa56e2674

SHA1
75ce351188794bef6d9d9ac705057e04f71329bd

SHA256
06fabc97453c6890046b3478849f00a15f48b2e09946a744633b79f08f321724

SHA512
0148c51919be532829c15c135cb6aaa36c6a8e1a082fab2ba1e1c6bcb3742e94a5274594de77dac281b1fd3737b7d7cb3f224d5490517a776c4d091f4989c8b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
664c6b51e14672bdc9c8d4ff3c87e32f

SHA1
5469497e65c8a008330282371e7c86c7b86e0800

SHA256
418d5f19160652b765863b43285fe0fc413c9eaabd204d309c117a23b71aaea7

SHA512
ed41bc79a1f5f5179dbfb1e383a21741faa27a90b92605675102d967904d359e08589216b181a554597e36f87d1ddfd123e161c16f830297f4f6a4827d087e83

Download Submit