b4174bb02e66b2511999c41eb455b520cbfcbf215d6df795cc563647b90cb7eb

Analysis

max time kernel
123s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
11-12-2024 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

View_alert_details_#[9YYZQ].html
Size

3KB
MD5

bffe485917d85ee454d67ad1adbdab3c
SHA1

2d6a8a60577328d0244349e697708d23927cde38
SHA256

b4174bb02e66b2511999c41eb455b520cbfcbf215d6df795cc563647b90cb7eb
SHA512

f1bf0c6ffd831b50c96b40cdff5dc9b50ad6b89050004ef96eb1aa91a21c6f57392a57f11240e7c83dda8edf596b834ea577f2344c0b0fc4e5e71f060cf38416

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4664	firefox.exe
Token: SeDebugPrivilege	4664	firefox.exe
Token: SeDebugPrivilege	4664	firefox.exe
Token: SeDebugPrivilege	4664	firefox.exe
Token: SeDebugPrivilege	4664	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe
4664	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 4664	232	firefox.exe	77
PID 232 wrote to memory of 4664	232	firefox.exe	77
PID 232 wrote to memory of 4664	232	firefox.exe	77
PID 232 wrote to memory of 4664	232	firefox.exe	77
PID 232 wrote to memory of 4664	232	firefox.exe	77
PID 232 wrote to memory of 4664	232	firefox.exe	77
PID 232 wrote to memory of 4664	232	firefox.exe	77
PID 232 wrote to memory of 4664	232	firefox.exe	77
PID 232 wrote to memory of 4664	232	firefox.exe	77
PID 232 wrote to memory of 4664	232	firefox.exe	77
PID 232 wrote to memory of 4664	232	firefox.exe	77
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 3608	4664	firefox.exe	78
PID 4664 wrote to memory of 1640	4664	firefox.exe	79
PID 4664 wrote to memory of 1640	4664	firefox.exe	79
PID 4664 wrote to memory of 1640	4664	firefox.exe	79
PID 4664 wrote to memory of 1640	4664	firefox.exe	79
PID 4664 wrote to memory of 1640	4664	firefox.exe	79
PID 4664 wrote to memory of 1640	4664	firefox.exe	79
PID 4664 wrote to memory of 1640	4664	firefox.exe	79
PID 4664 wrote to memory of 1640	4664	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\View_alert_details_#[9YYZQ].html"
1⤵
- Suspicious use of WriteProcessMemory
PID:232
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\View_alert_details_#[9YYZQ].html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1892 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f47d64bd-ad05-41e6-93f4-5b169b8092a5} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" gpu
    3⤵
    PID:3608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9b89174-e6c9-4107-85be-03324b09a998} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" socket
    3⤵
    PID:1640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3000 -childID 1 -isForBrowser -prefsHandle 2844 -prefMapHandle 3208 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d841b822-1692-4ff5-af05-40c18afdee31} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" tab
    3⤵
    PID:1960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2896 -childID 2 -isForBrowser -prefsHandle 2860 -prefMapHandle 3480 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd4a7f26-7c09-4e99-bdc9-187dffa2c785} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" tab
    3⤵
    PID:4972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4808 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4800 -prefMapHandle 4796 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92b47adf-16a5-4158-b980-2b73777485fb} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" utility
    3⤵
    - Checks processor information in registry
    PID:4568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 3 -isForBrowser -prefsHandle 5384 -prefMapHandle 5380 -prefsLen 27093 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fcfba82-459a-48a3-8b8f-295ad7ee2bc2} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" tab
    3⤵
    PID:4004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5808 -childID 4 -isForBrowser -prefsHandle 5792 -prefMapHandle 5796 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcd9831f-6a31-4d0b-80be-9b115180e8e0} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" tab
    3⤵
    PID:952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5740 -childID 5 -isForBrowser -prefsHandle 5924 -prefMapHandle 5920 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d82fdd37-b014-46be-9f23-27e67c7794dc} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" tab
    3⤵
    PID:4812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6064 -childID 6 -isForBrowser -prefsHandle 5760 -prefMapHandle 5744 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e693944b-bb5a-4320-85e8-26ad538b9953} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" tab
    3⤵
    PID:4272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6356 -childID 7 -isForBrowser -prefsHandle 5648 -prefMapHandle 5620 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2d49bc5-079a-4d6f-bab9-a8ecf1ffa01d} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" tab
    3⤵
    PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
530fb14b9d493037247aa2df617aec18

SHA1
2ea2b832830022277cacd375fb72990da1d5f2f7

SHA256
9ed21b273feb8090aa9702a789c47754eef6c49cd686c68727a46734240c03f6

SHA512
1cbaf3b57d8022435874da0011ce5a6b5155b1a9cd46eb8b55b677baee002e054b974c537d657fe879e94a6758c445286e6c9a487fd721a3e639aec49da60480

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984

Filesize
13KB

MD5
1d9c952633591161239810aca983e6ed

SHA1
e79421431663e23a185420309d4d13b8b2bc7ad7

SHA256
641436477f0a0d4f506d712b2c297fb2f5c04ca7af4f7ce911eabc4522778cc0

SHA512
e64ce2bd5150a0ed82e7fac689cfa5562f5c923671e534a0ac96cdfa8aceac1b3f6f1e0f1ff93816f76828f7af700ebfda442ef8e549807558d002326fb5ff1f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
d44557c0233489da36922f80cffa3312

SHA1
09f1a2f0a71d7487c40bdc575bda810db5fadeaa

SHA256
cf147403e960462f854dd3fab54b65e9cf8e52b9efac67eb27909c10c5a5a0e8

SHA512
3a304e8cf0a6fe05bb79610bf30c825000f662d7040ffdb433f4e02844dcb0dc2918d82a11fb4a10151594b80f6a9034088b8e37b1cc7b176a7c360ddc554261

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\AlternateServices.bin

Filesize
6KB

MD5
62fb6fc55b5d4e4f31959a206bba36aa

SHA1
192b294ffa1efb435ccbdf75697607abfd1f1d97

SHA256
238c470118e692904ad75d5c65ecaed1769463ec09abc53b15f468512b3414b4

SHA512
236ee42103a24330456ffcd6f54cb9a2f96eb07770b168ecaf51997ac02107ee50d1f45e2ef7d80c53bbed16bf7fb2c9c3a6f7f833b71fae15622b0dec7b8208

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
3e60dd26ec05aab9b4368613f8623884

SHA1
bd1219a1ac9f9dfa90d50abb3d6db58de071b6da

SHA256
8286f68e27b8e0be7929e318fa74d5f1c1f66e98da7a433834d44574578dae84

SHA512
93039e24159b287b42886026f974d776d306e4da5c2aacc3e9d0dbfb85d2ed11491067fb65e1a156434366e6a0116abe4d97e43dc9bca1e6c1a04662812002e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
adc11ccaddb1c99dc09e6bfcec005e0b

SHA1
0dce844ecac46beb8258a033a22cd7a69ea7fb53

SHA256
20d98867852ea0e58ca6e42a2433d8527e9cd0ca9f909a1e628461fb803c33c6

SHA512
2c2ecd8dc1ba3d4c7cb6715c1b3a84784e52b42bbd02dab6e8a7088a3713b0cb7f3d749f710a9b00adf88c8774e67fd9390b2f188c834502036f5c5efe06714f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
cd1da5926717d390ae729ee04123d4c7

SHA1
b21db77378eda8ea64072923f4cdee698b70f67c

SHA256
a215e98e1784d0d6ce1548c6a0435291e563b4843e349019789cb1a28183caa8

SHA512
c3dbf651650b8f1fbdb3b04078981d2493faa02761a83df8c2acbbf4a9548f15a2eb9b5262e96485077454c6be73507a7c3ccf2110dc0726056e3cafed682472

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c38f29337486c904202660b80ab78fdf

SHA1
f4d23f765dbf15b3efe4a74a149396742eedaee2

SHA256
992d3c20a0a49f304df4be526a5d5011a76e4e4fe392582d3a58f8a01e342e7b

SHA512
ee3fea1d93a7fff39d2ddc5d25ccfb6679f958fb69ccbffd6bd5c2f1252103d346d90eb1fdb4d6f0bca66f2bffc2b6ec9af240cf9eb7efe43995e9b860411e30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
2098c26a8fa99dca7b70aa93b1d8fa04

SHA1
7a62e653ae694ed63047a4bf47dc6c25429f0682

SHA256
4b3edf8ea4355ab717b872be115a7b8e2aec7ffc4d346000dd5226e96d24d836

SHA512
fdc6b60c08c279ec0738d762ac9efe166b683d529fe36e6732611b79c2ed218eb6b74bf11dc799aaebcf4f296e615c98debd11de0778ea22c2fbd9251f5ba7b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
effc5091f82b0be56cbf0cdc65ce6d1b

SHA1
8f844ae8834b3039a71bb9afccf7cb36bd17d31a

SHA256
58841bc4ac424b85509f9627ce9aa580fe91763e89eff5d4b1faedb1cd1f66b3

SHA512
11da8e6a40ffa8177f5130fbf49ece96f6418748d92e2e75502fb60c4b92d77997c906889553e55d2773d255c4d07f05d730a25b554a6d3e3f5c081fc3db212f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\pending_pings\1dda6ca4-f83b-4285-9188-da4b18813732

Filesize
671B

MD5
84d49e45a0d44d4d5d79ed28fb1f323f

SHA1
268959007396015f389c99a7cabde6b6c658da01

SHA256
a41ed437fde44480c01d6fbe736d7c5f2f92bb68e8dd6aabc7cea2b6402080b9

SHA512
601afb3540eacf7bf55c359846922ff98097193943a6c2536d5200c59bb3326452f7618603a53071708f513ef1ffba9c1af02ae7d0749d30da181e6fadc9f99b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\pending_pings\6e3335bc-266f-4a1d-99ec-e71f440c7f18

Filesize
26KB

MD5
6c09518956eac1b444049eaeb2901953

SHA1
ef9af846355d1f14437d6a6c30e71c8e9404284c

SHA256
80f189a6a04a9490a13ddf4f6c1fdca0b862eab5b63a61a35b744e156ec5a68a

SHA512
12d51ec946edde5c6a6801652a2a4dd0887c3bf879fd21bd4cb66138c8f8efcfc87bb1563fd907836848c97add2a9313293fdbc83612641dc30d1ea1d566b2ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\pending_pings\b31bd664-42b5-4835-97f4-7942a5a9a6da

Filesize
982B

MD5
6a3f7a281ccffbe725f9aa73873afb54

SHA1
2da1048359722bc20c117cbb0ae81f258971f070

SHA256
6e97a83b1d916d75f99fddc474cad2a1b3ee40ade61e7e025bf3ead977b97fd0

SHA512
2805713b39ab21a86b0210ba51540de67700279a8c6f93e37037f78cbb9c85c9d2966be431c3bc2e0c6f5b62e65ac53a68fd3df13e0168d6c3c844f8196a14d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs-1.js

Filesize
15KB

MD5
811fae70671a3ace120115bdf392b49e

SHA1
5f1d83061c95873a8c71ab30db8cb03b0c2b448c

SHA256
02fa769b457f6088fad7f8333b4743be0c843fabcece608e091032bf70c0d3f9

SHA512
a329e21ec923f5439e087947f2b3287398ca62f281b929c0ee2c09b7f079f52260b8867c2bb7831ae8fa308ba8d33a51dbc73c4fd33863efd0394be49afd43d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs-1.js

Filesize
12KB

MD5
4475aa2c7e930e035188de1ef1808cb9

SHA1
099c1e47510e6188c58ad0ab4c20b1ddb85900ba

SHA256
835a3fe4e7ad6207f7397fc9a61d8512acc9411e9423fe9ca98c21778b8188a3

SHA512
bc6585998ff9929c0e916d12e50623b5ee1f2ea60cd5556721f2ba811997ae121e29bb72a5fb7669529feb7ac1f8423ebb25909d01c896fdfcee17295b98e411

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs.js

Filesize
10KB

MD5
d793a688b02755e2d92f978f5b9263e1

SHA1
23927c893a5295ee32607a6eca1fc57bfb7a14ce

SHA256
55a1bf9ea65c4fe4d4365c0e6f0923c95262b800060f4b6d9dea371eb2eefae2

SHA512
eff47455b91faa1839a6c8c5eb311d5b8e0cf1ab4384ca3b2f7398248967ae4f417f1b7879791627f37142e2c1c84759c74e9763790c9db098315655b1766719

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs.js

Filesize
10KB

MD5
a6ac8b6edf32a108b43903e68f593429

SHA1
100a1dd3c0dce4142dc987f71a7b6719e58c2cb0

SHA256
4c2c8c6c8cf4d458b97e9572832f3b7d3a91b2d041199c94cdf3addeeab3c39c

SHA512
066fdabd384413f1fcefcce4b6f9a64a9a7c8bcfd2dc7ea44dd9fd9b4960b6a9af812a1d051aa9eb7197913d4915c9208ef72fdbc3de2a865c9fa91438eb9e54

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
8fda25174ee04ba7fd8a2747ca842ead

SHA1
6fdaa905073a9fc920ec9eafeb8e660a2ea8ea06

SHA256
269ee90cade38a4b93f1e642fcd61f36bb1bf146180db44392116ef309980ebd

SHA512
8caeff7c9b71cbed091292d41ce95741d3261d21610c9a24bab5ac399a906df132c70b02912d37f47d84ae8be7a9776db5935c8bbacccd7924fe59322952728e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
5df74508b6f0232702959f08dd71fff7

SHA1
ae6e042986490f54794faa27f2a59854e92da653

SHA256
5e3914d38c58bf1e72e6759cc6a4d21be6de08679a8425de3c02f9249886866e

SHA512
82d6e17aff256abd047eb67ef43b99cacc5fa9af48000ba77af69e404658af758ff0ae29d8c38788b07cff8f71df95288b7745e383befdd283e8aae05b0442d3

Download Submit