hxxps://www[.]paypal[.]com/myaccount/transfer/payRequest/U-09584045BD498740V/U-5WG42322692827538?classicUrl=%2FCA%2Fcgi-bin%2F%3Fcmd%3D_prq&id=wL4EKNTPRrsQJS2hjiQ8JLzjEHhfpMd6usIiaA&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&ppid=RT000186&cnac=CA&rsta=en_US%28en-CA%29&unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&calc=f55911288815e&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1[.]294[.]0&tenant_name=&xt=145585%2C154413%2C104038&link_ref=u-09584045bd498740v_u-5wg42322692827538

Analysis

max time kernel
149s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.paypal.com/myaccount/transfer/payRequest/U-09584045BD498740V/U-5WG42322692827538?classicUrl=%2FCA%2Fcgi-bin%2F%3Fcmd%3D_prq&id=wL4EKNTPRrsQJS2hjiQ8JLzjEHhfpMd6usIiaA&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&ppid=RT000186&cnac=CA&rsta=en_US%28en-CA%29&unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&calc=f55911288815e&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C154413%2C104038&link_ref=u-09584045bd498740v_u-5wg42322692827538

Score

5^/10

paypal discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand PAYPAL.
phishing paypal
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1140	firefox.exe
Token: SeDebugPrivilege	1140	firefox.exe
Token: SeDebugPrivilege	1140	firefox.exe
Token: SeDebugPrivilege	1140	firefox.exe
Token: SeDebugPrivilege	1140	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1140	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3788 wrote to memory of 1140	3788	firefox.exe	82
PID 3788 wrote to memory of 1140	3788	firefox.exe	82
PID 3788 wrote to memory of 1140	3788	firefox.exe	82
PID 3788 wrote to memory of 1140	3788	firefox.exe	82
PID 3788 wrote to memory of 1140	3788	firefox.exe	82
PID 3788 wrote to memory of 1140	3788	firefox.exe	82
PID 3788 wrote to memory of 1140	3788	firefox.exe	82
PID 3788 wrote to memory of 1140	3788	firefox.exe	82
PID 3788 wrote to memory of 1140	3788	firefox.exe	82
PID 3788 wrote to memory of 1140	3788	firefox.exe	82
PID 3788 wrote to memory of 1140	3788	firefox.exe	82
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 1500	1140	firefox.exe	83
PID 1140 wrote to memory of 628	1140	firefox.exe	84
PID 1140 wrote to memory of 628	1140	firefox.exe	84
PID 1140 wrote to memory of 628	1140	firefox.exe	84
PID 1140 wrote to memory of 628	1140	firefox.exe	84
PID 1140 wrote to memory of 628	1140	firefox.exe	84
PID 1140 wrote to memory of 628	1140	firefox.exe	84
PID 1140 wrote to memory of 628	1140	firefox.exe	84
PID 1140 wrote to memory of 628	1140	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.paypal.com/myaccount/transfer/payRequest/U-09584045BD498740V/U-5WG42322692827538?classicUrl=%2FCA%2Fcgi-bin%2F%3Fcmd%3D_prq&id=wL4EKNTPRrsQJS2hjiQ8JLzjEHhfpMd6usIiaA&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&ppid=RT000186&cnac=CA&rsta=en_US%28en-CA%29&unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&calc=f55911288815e&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C154413%2C104038&link_ref=u-09584045bd498740v_u-5wg42322692827538"
1⤵
- Suspicious use of WriteProcessMemory
PID:3788
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.paypal.com/myaccount/transfer/payRequest/U-09584045BD498740V/U-5WG42322692827538?classicUrl=%2FCA%2Fcgi-bin%2F%3Fcmd%3D_prq&id=wL4EKNTPRrsQJS2hjiQ8JLzjEHhfpMd6usIiaA&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&ppid=RT000186&cnac=CA&rsta=en_US%28en-CA%29&unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&calc=f55911288815e&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C154413%2C104038&link_ref=u-09584045bd498740v_u-5wg42322692827538
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1964 -prefMapHandle 1956 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a92f64a4-d06b-476a-94c3-bf96e9e74ee4} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" gpu
    3⤵
    PID:1500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce55f7b2-14a1-4ea3-9ed6-ff686388ee5b} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" socket
    3⤵
    PID:628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3188 -childID 1 -isForBrowser -prefsHandle 3312 -prefMapHandle 3272 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03121710-132d-44ea-9658-5c71f0aee2f4} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
    3⤵
    PID:368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1128 -childID 2 -isForBrowser -prefsHandle 3920 -prefMapHandle 3932 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b0fb595-0d1a-4973-829d-84af6bf7c4f2} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
    3⤵
    PID:4524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4744 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4768 -prefMapHandle 4764 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddb8fd16-d274-407a-8fc1-0470ee2817f0} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" utility
    3⤵
    - Checks processor information in registry
    PID:3928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5316 -prefMapHandle 5312 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {175659c6-4b28-4585-92b2-12881c635582} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
    3⤵
    PID:4476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 4 -isForBrowser -prefsHandle 5324 -prefMapHandle 5456 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca165263-80e2-408a-a8b7-a85ede12acb9} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
    3⤵
    PID:1616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5644 -childID 5 -isForBrowser -prefsHandle 5664 -prefMapHandle 5608 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfc352a9-0259-4fee-aa83-6bfba6f01cb9} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
    3⤵
    PID:3096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -parentBuildID 20240401114208 -prefsHandle 6148 -prefMapHandle 6180 -prefsLen 29278 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08ce90f9-5a68-4137-9df4-672be08f2c00} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" rdd
    3⤵
    PID:4860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6372 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6364 -prefMapHandle 6360 -prefsLen 29278 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3427ee6-42ca-48cd-af70-17c4eec8cd93} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" utility
    3⤵
    - Checks processor information in registry
    PID:4748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 6 -isForBrowser -prefsHandle 6788 -prefMapHandle 5324 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bab7caa8-f2b1-4eb0-90c0-ee5321c59da4} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
    3⤵
    PID:4776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7036 -childID 7 -isForBrowser -prefsHandle 7032 -prefMapHandle 7008 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5d30b0b-4347-4ca2-a4f1-3e9c07a1727a} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
    3⤵
    PID:1784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\activity-stream.discovery_stream.json.tmp

Filesize
20KB

MD5
8d7feddf21813d105670bc85c86cbb6b

SHA1
4083d01fc47782d7848a3956cb6507fbc0dba194

SHA256
80bab8a0004acc9c6a35c3f0343f7517fee34c99a33a7500bcdfcacc20a8442f

SHA512
caed21145b80ab2b62f7e2ee21438f9d33cda8c3eb9b0d3561fc80b1c20410d807b357fd2af36ab1569208aea5946e77eb5bd8a2ed26c068c319a9e2113e251c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984

Filesize
13KB

MD5
783ad73f48b7993662b192eea22b8378

SHA1
7b3aa2b68903eb6b11a1bc492fa5f003f618d5a9

SHA256
d3c682c2f0422f04d8edd330828e517f11d6220b2d73b9a183c57ad769e2347a

SHA512
796bc9024ecd09ac6f995f8a9295a7eaf2134514c43722be170d7aa8d25a00ae8846afc35febdbf9212b285e6bb173d61a325a4182fdc4b91574656f918e3ca5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
6KB

MD5
866e56abfe5a1795ebf3a1c9f025c109

SHA1
deea38de8a7957498a9906670112dc4839216f81

SHA256
4247f6fc2a136f1c8958c604e27e072e1d878e4565bc571b6e5f9147f6a9f48a

SHA512
d0d7c4ea1825df7fcc064ac2bd465eb6c13d81e736477558e7bc44908ac53e957a170724b0cf6787f678b77c77be1627bd25fb0c54f5d504906599405dd45c4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
6KB

MD5
58a3d6d4c1a26cc2beb7e8ee9df8f931

SHA1
d3854076c343d482002e6c0719e77197f63ffd3b

SHA256
f2fffebede5c795faaddfdea4324465869a43b408bf8d9405c94b2a63f79c296

SHA512
bc82ef4d389c188291b08af77f70768b2606178e1c0b35935f476f29eecfb9eec2bb229fbbdc89843bc2cd1ca7e538cef6dbf2d3a7774f3cf4356bc64ea75bf0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
04b01b3ef94c8fd7990c2cff3f0cdb31

SHA1
e1c6f3442e7226f7d247834d3268d54e40a1808c

SHA256
38057be04aad85cd5a657ef79063fe68d0581a8bebc80bbb27d9879b585641fb

SHA512
9afc9bbdc61e571321885f42139813ee6667add967b99e047faa85415a3964be4f64824bef2240fc42584c8a07783c157781d36fa2706c07e03834790b15ef5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8bac2e2d1b0e9459eb76f72b4bff3115

SHA1
beecfb911996266d9beb88aee10447267d0f394e

SHA256
6a0dc5e9f99d704ee32df6e28834daa501b796a81db0da3ceb6dc72a1bbf2e0b

SHA512
a8e12be310068cc75f8b19dceb699aac930fb20dc4f6ef3226adc01adaf6874ca27e4ff986c393b29593c8cd3815591e5f7271e255edba3539caec1cfbb6f2fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
33KB

MD5
4bc613d13b8103a345a30f380e475081

SHA1
a8150a59ded06b2ed3540bc5818bb55f5a010550

SHA256
c1d466391823bfb915607f568ab208eb5f6dbf6d48e7658b20449e1bce1a87af

SHA512
cb4700fbf1e52243fa48e7a736f136753b450ce6a2d23f54edf5da10d6512b7a4f5ebb94ef02d9ab165663d3fdf6470337bbdccf5b359599d24aec6cfc30eea9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\04f8f52b-76db-4a12-aeb5-f4e0e4d8aea9

Filesize
671B

MD5
fc58e9fd4fa3bafff4761817c95c1bd8

SHA1
b9c5ed5c55f044ea27441258883a94c7a21c8f4e

SHA256
7244237556434bef85f61b88b0e31ca65559a4a5ab7d559b70c4874b8fc13bbd

SHA512
68e54b145199be399ac291f8edef8feea077dbf9541932cab1cc970ce1c77858d9414cd28fd8f44ce7f22b2a9e8b1af3c435d6dc542cd473febde0bc311c8ab9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\1369279f-3c9e-4bad-a3d6-33a38f95d771

Filesize
982B

MD5
072b57795e2051beff5308850cbc8123

SHA1
8b8fe2a646174552ce72b1c61191b1c5b465e409

SHA256
30fcb56c6bd122e08d59d12fb61309a6b964c63966d56c2d3eb5ead296f1ecb4

SHA512
cd7d6c742a30f62eab9e2427b38218eaf5d3761013bff8c80d0403e9afda73f25de68df06256d19c460d2847a5bc65fcba076b73d7e323ac73fcf7db732d609a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\d1e33473-0c9e-458a-9941-24afc207bd55

Filesize
26KB

MD5
d2023c52f74008d687826824bdca88d8

SHA1
58d7ccb304526db2e30761b64c1f25d2a44dead1

SHA256
b696588e51c810a0aab0f87c73af9e083b3ac4793f5d749c64a726a64768a5f6

SHA512
8344650412f149f3537fdd548bcf50aba45cc24f8388a51d592f40a428110c6d426948c35f0abf9f9f45eda002fc3c47f66f908f19b263e4dd8371181ec7d41e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

Filesize
12KB

MD5
4ed3bf5038570744c7885fe53c01bf48

SHA1
348c4f39e7c4679f69d704cbe58cc02a06331fe7

SHA256
b183b75b043f58b5eb074afdb097d807533f71db5856f7b3b596b1100dddb241

SHA512
8b53f0282b38d7315070b9eba621c00e139da89f62906ff87d30216b0854ab06e32522bec6148e1112ceb523b929918e4e01abd7c357ab5455ea6605be94b598

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

Filesize
15KB

MD5
7e89806f4ee4ba30d98af1372aa3e7ef

SHA1
d58d043ef40f45e0aeecc0a7ab47aa40f69e511c

SHA256
22ca3845d8d1dafa909020659d4bced4588988bbe468d0c1ab2fba0c05507e50

SHA512
cbfd867c91af56d4eaa52fb5f5d9cf7394e46d83052936deb736afa3447494aa6a236a4bcb6ef0866f8142ffe9869f127bfcad98f7eeba97ed1e6339af8036cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js

Filesize
10KB

MD5
6eeb3c82a69f5e294527f3b471dfabe6

SHA1
4b1583e38b11f23d44371a7902a99bdaec9bc8ec

SHA256
56b8fa8f42af4f8ff169bc642429105044a3e0f0746048855ca4fec80e20fbbb

SHA512
a3d15fd4d1b2f5a51061414541c19239f7fc6d529f52ea5c80850129dad8af6ee6925e4e3712cd9208b995db4adc1e899ba8768b30d1154084be2f52839ae772

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js

Filesize
10KB

MD5
1acdc6c439a23ed50caa03765e4d184a

SHA1
8e84292f752d500a397f4ec64e997b55cf865b2a

SHA256
da9e7c990a61d711f1cf6178b24f253c067923c535a9d5724dc17919732d2aac

SHA512
915c2bc919af35ca99c066d8708a622412a6596109fca381b878caa54f1122beccaa98f19d391a98f16818e210d841417cbefedc960462df68f4eaeffc1e04fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
82a64bee0290f91bf9216620b2eff55b

SHA1
2abc3f7bfa630cd63f5e7bba781cd2c92eb58735

SHA256
4c0f4e8d3f88be25716920ba381a5558861ee8661ace4232e98f34622a5b1981

SHA512
e6fd9441e4a5f6a755bb7c9d7238433070796367cc3fc93297af8e35231ebb2df591c5c2f95c6b0d15cfe67c63254ff25682ef490f01d421d1c19b259b73b925

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
68899a31ab50eb0a797468fd1ee91db8

SHA1
f0b07561ebbe9277f2402bc7b6bdb4d3bde46818

SHA256
5ac3d450bbc89506e178bf9e00c3074bddd542955b36532d7f758798de12a1cc

SHA512
20f43e3a1b4f70de84813fce7e0d53452f254d599ac94c10ef8a151e9d5f4235243c8f79ca901cd65daf3ded630c46ccbdf3e3dad7140c6167b5ef8c7e07bf5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
44470f84a184887662f51d44d01af012

SHA1
e71424198e8b45302cd1d4e6824f1bfccb8a8934

SHA256
e6572daad03581f8db5e4661756f37ceec9805b36f568e944838b657a60dad45

SHA512
df9d33d524c2a81f4e55ab43c1dbca02f4d94814dae5acf326f70c262783b416c608ab8fa09ffdbd1c48dc9ee6a835139b7d605fa3814fe5db912ee7bb7ff925

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
513c93d5f7d02faced255da44d474696

SHA1
105de195b974eeb3ffb0f2815fe409055760308b

SHA256
f386096aa2c7d22d95ebc13958cb6be718faf3aff937093cc92a6362bf2fbcec

SHA512
7252dad041383f4f19cf706c738d0656b37638d4185a21844c4783be06f00515a2f96fb7bea4b619c697c909f52495a496fbc07f9d949e69e256a95991c8fb69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
243f562f815f95998cbc9c36059627f1

SHA1
30bd17b4a91ffce88d0a714172025a69bb96c212

SHA256
94ee4ad8d1b16b54a5f65c3cdb13d41e0dfb3bcb4fde4df719398acac2cc0312

SHA512
9f372b679cde214513f86778317bd6bd4688afb13d2a70b3b89a2e71dc553e65c7382b3c6c3fd2facde295a561e70087a29654c2131dfcbc3d17e7696fbe8b32

Download Submit