865f8557e7fb7bce49eedfc2c2a57fc7a5814b2eafaacb0c13475044eff64a96

Analysis

max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
16-12-2024 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Transaction_details_#[D3L9M].html
Size

3KB
MD5

31b7c1ec32981c5690f2005a834bbeb6
SHA1

49ff99df464e0551f4cecfae9cd062f60b9ca6ad
SHA256

865f8557e7fb7bce49eedfc2c2a57fc7a5814b2eafaacb0c13475044eff64a96
SHA512

0a6cf5c9a9bb53b41762955bdaad02509fc40f537ce18494cd9823bfad8fce68558512fbad77e51cbdb44b8ce8184197c15697eef3a62f47f1d671654b08f66f

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	872	firefox.exe
Token: SeDebugPrivilege	872	firefox.exe
Token: SeDebugPrivilege	872	firefox.exe
Token: SeDebugPrivilege	872	firefox.exe
Token: SeDebugPrivilege	872	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe
872	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 872	4924	firefox.exe	77
PID 4924 wrote to memory of 872	4924	firefox.exe	77
PID 4924 wrote to memory of 872	4924	firefox.exe	77
PID 4924 wrote to memory of 872	4924	firefox.exe	77
PID 4924 wrote to memory of 872	4924	firefox.exe	77
PID 4924 wrote to memory of 872	4924	firefox.exe	77
PID 4924 wrote to memory of 872	4924	firefox.exe	77
PID 4924 wrote to memory of 872	4924	firefox.exe	77
PID 4924 wrote to memory of 872	4924	firefox.exe	77
PID 4924 wrote to memory of 872	4924	firefox.exe	77
PID 4924 wrote to memory of 872	4924	firefox.exe	77
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 1412	872	firefox.exe	78
PID 872 wrote to memory of 860	872	firefox.exe	79
PID 872 wrote to memory of 860	872	firefox.exe	79
PID 872 wrote to memory of 860	872	firefox.exe	79
PID 872 wrote to memory of 860	872	firefox.exe	79
PID 872 wrote to memory of 860	872	firefox.exe	79
PID 872 wrote to memory of 860	872	firefox.exe	79
PID 872 wrote to memory of 860	872	firefox.exe	79
PID 872 wrote to memory of 860	872	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Transaction_details_#[D3L9M].html"
1⤵
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Transaction_details_#[D3L9M].html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0b6cea6-3d50-4a3a-919b-584326e3a98a} 872 "\\.\pipe\gecko-crash-server-pipe.872" gpu
    3⤵
    PID:1412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c172099-039c-48bd-beec-783b80f86722} 872 "\\.\pipe\gecko-crash-server-pipe.872" socket
    3⤵
    PID:860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3296 -childID 1 -isForBrowser -prefsHandle 3288 -prefMapHandle 3284 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1401855d-492f-47b7-93d4-6de837167ad0} 872 "\\.\pipe\gecko-crash-server-pipe.872" tab
    3⤵
    PID:1736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2768 -childID 2 -isForBrowser -prefsHandle 3732 -prefMapHandle 3728 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c5c8438-e97d-44ca-97c4-8e224d7b8063} 872 "\\.\pipe\gecko-crash-server-pipe.872" tab
    3⤵
    PID:2404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4312 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4260 -prefMapHandle 4300 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6b38a5a-f5ea-4fcc-a781-42441100896b} 872 "\\.\pipe\gecko-crash-server-pipe.872" utility
    3⤵
    - Checks processor information in registry
    PID:228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5276 -childID 3 -isForBrowser -prefsHandle 5328 -prefMapHandle 5324 -prefsLen 27093 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5fb0e09-5654-47e3-8e07-94f31d124e4f} 872 "\\.\pipe\gecko-crash-server-pipe.872" tab
    3⤵
    PID:2712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5896 -childID 4 -isForBrowser -prefsHandle 5908 -prefMapHandle 5904 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c89d389c-d8cb-44a2-84f2-a0dce4f4d765} 872 "\\.\pipe\gecko-crash-server-pipe.872" tab
    3⤵
    PID:4932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6028 -childID 5 -isForBrowser -prefsHandle 5852 -prefMapHandle 5844 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1bb7a6b-4611-4aab-9a65-4e53ef25a280} 872 "\\.\pipe\gecko-crash-server-pipe.872" tab
    3⤵
    PID:3572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6124 -childID 6 -isForBrowser -prefsHandle 6044 -prefMapHandle 6052 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd5321bd-3cf1-4367-9465-9a6da8951f17} 872 "\\.\pipe\gecko-crash-server-pipe.872" tab
    3⤵
    PID:5076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5788 -childID 7 -isForBrowser -prefsHandle 6072 -prefMapHandle 6064 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d84dd84-8586-45db-b0f2-75d4b0299412} 872 "\\.\pipe\gecko-crash-server-pipe.872" tab
    3⤵
    PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
c9d22ff408efbaf73244429c4baca249

SHA1
32072d650ccd30f72f1943ce17f116531c30796b

SHA256
b126b1a6831e11c6963c427cb599b0589bfe2c99b4b1d3316f747d027f283689

SHA512
fdafb913fe740329f37ddb2cf185399239770477c569bdfa0e671242b9dc131fb5f0ed7f65a0c2b13cb2326b7b0129958769f3fbef9da7c2bba0ea649e06fbb2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984

Filesize
13KB

MD5
bc89752dc2f5b127dbc3ed1511507545

SHA1
3e7c8e6af64b6643935db38595cebca9236e46fd

SHA256
8cf9c4b92015fd0498fcadda6c0d47d6109d3a90e8cc7b22c0b5e85480b519ca

SHA512
42a82d7e8c6bff6630c27121cacd7e31379c9ef26da1c30cde4078f5d80ede248e230f20e7d63371fb22d3bef5063d80e2beee3401c9946e006e447d74afb314

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
fbcf918c6b9b60723009798e3f204916

SHA1
97cce8ad6a6d9a8cd30e51462d4e6c8716db6ed8

SHA256
b93e8fe052770ee6b55a57ff5e7ca9fe97a2b4d92dd6b7280c5da4cf188cb7b2

SHA512
074ed261c2d39354eba54492de034f2557600a7d8c63c7158c2e8a6167a3f71afaff14721ab03d1766561e4430fc70731a56ebb5c5023f5cf4f342f1fb24081f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\AlternateServices.bin

Filesize
6KB

MD5
5916ce7e5186cd3ecc3aee2c8cb275a0

SHA1
4d1c0b7aefab413bf4fec4f2af0c9cfd66dfba46

SHA256
c05b85d3a7637da55e53934c1deffafdbdc39535a520f833ea02b990715c226b

SHA512
11d233c8c72dcb441aa2a05c12092c53528a1fdafe479cf4e8395a7d38fe9a30fc82901a3cd35f687774653bfc93e7028b9fa0098365617640bb24ccce0802a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
82c4ad98190cd1fcdde8f2580799506a

SHA1
58fb46645c80b5fd0b25ac91b885249c24bd47b0

SHA256
7d5c2761815fdb0ad898520432b9cb0a4a6e8e83fb1095f9d561265778588445

SHA512
7cb300023a4d55ffe081ac1efdf8bf2965e6fee8cbba3f50f849af9fe791c593005cad392d2d8fba793100cd2cb3b513812ade66a36ec708ca135f6a79dd6552

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
df455d9a5f0646a96c64717e5761bbf3

SHA1
3fb68842d5a49d08f52874317f6e9bf151e4ffee

SHA256
2702014b78857546618b4853f44f76495639b7162747f8c1e802ef308ae1229d

SHA512
37f4ad2d0d3564f6a1b14f4e1c791377821026278c0e91f6220e9bc155a1166bfd4fb2297ce92b1056318b2154f707a12daf28b4ac2089bfa92aa115b83ad7d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
058dc529c63b41da61cda616d33bc2a0

SHA1
b803a82b83561a2abd5d8dfcd69602d7ad09615e

SHA256
ef08012947f206a7137397f513ea380901d64c38b4f877ddd4ac477c3dfc4908

SHA512
98f1a94e4c83057adad5eb8d66266fb0766aa5d90b9c3d4feed062a7e32f4abe7454d7bfb9f52648114f73636109a487f46a036fb5ee8c8058bd5f493951eb51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
7fc4bb41f82d6e23425227972e95928c

SHA1
d1f34d35c02896debaa42f4724e2540ca67f199a

SHA256
1a8c51be742765e9eed3abb340345943078df71cab868802116784b2f86c6245

SHA512
38f9a0f7da7bf33b387888676aea7c75a05f2254212778af1afc7166624215480c7cd388b8e54682088bf225d2012c395be27c4640b44fb09ac2eb4288d90905

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
85fe10d3442a457026388f3b1d78c1e7

SHA1
383420cdf217300c09d9391772b5de82137aa21d

SHA256
8b02f93b521efae82536d1d15b59b9292e218b0f8ed2c922b5335378a2812f33

SHA512
c798f7f0853ce84c72f22bc5a4f3be7348540d80e0c4d4e47a43410b95ec983f4a4d33efda2b4d3681433101301d28ddc45186fe0b6ccc84b39015c1f56a8f7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\1be1d6e0-4228-4f9e-89a2-ad58d7590ca6

Filesize
671B

MD5
266ffde4e3e49abd84e6b84374d5783f

SHA1
5e44f343eac380501e3ec3c505282254cf21e1c7

SHA256
e763e4549e46b2113b5062beea677dacaf0d663fdb5ed35d86e52309c4bb9cc3

SHA512
9812661208977205d88e9ef4d93a57ea8cbce84fafd141c99022edbe65c8386dd45c6ec6870b9b3d7d0d5b3f8c9e2bc0b0e733fd30b2efc7994486aad2e17711

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\efbcb066-d04c-4dbe-a04c-268f2d3da6d8

Filesize
25KB

MD5
414cf421d96f63466d5a1ea78f82385c

SHA1
07dac140063701b1ff17d2dd631d1823dfd8a02c

SHA256
006f24ce8a8aad90ab539dfe3c8089de396a9fd2f99f8e11b8a63f375e9928a0

SHA512
80c29bbf7711d2fac79f3a562e2cc7f33baa6df76320465f87725a36e4a523ee479495d09841d4b1b8de3e72f270e65b72f3de1baef29200a8243dcab41674f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\f093075d-49eb-4d7d-acd8-774f45c556cc

Filesize
982B

MD5
0e8cae708f8dac2b88a7879c3fabc25d

SHA1
a6d68c378e2ed9bc6dbc276f2f3b95c56575e7b1

SHA256
cdee32935918c1e46c00d1f36adea9a7262c68eadc7ec2ea280e8500e4bb0598

SHA512
9704a0a6909536089eb059e8e8b99f30a933f3c8c03c9c6329c830cae08a2f12d987125219f001a10fe428b7f9541dbacad5c7ca92054c1951a1ce561d7ea1b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs-1.js

Filesize
15KB

MD5
8870bab232397167a604c813977acb99

SHA1
afd503369cb51f41705946dc515382f766c99858

SHA256
ab88f9068e72c230e6464fca16ae56e5be3a2ca440db813807c0a5d702a4a062

SHA512
b194bcd2385f9f699cb6c1628826c2a3cb688bb9d6b733dc18b5b67c6e01e4ae94b0ce7aa0a3ae9a3993dcfd1073db95d2072a8da6b1ccc1804465aae2b25b4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs.js

Filesize
10KB

MD5
bb815fa6b2d756c6dbf4abbbaa662ee9

SHA1
997325815c98da23f31ca5c01569bf63ef70e34d

SHA256
967c6a72137995d7bd43a12b7fd913825e8810e0447fe349a8a3e80fceee6ae4

SHA512
d89f79a59424013861548a3ec5bbd8b226681038a7ff43fed81eab681db831938f91b7d06a6f0bac2d71de07cb790f7449b3cc9e2dc9a5f662cde314cc499664

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs.js

Filesize
12KB

MD5
a94adda599cee37852e2c2de953a3698

SHA1
8fe00ab0e2a9536cc898128e9955504277ae45a7

SHA256
124f009e3793d2152a5e5a100455d1d179cdc537df69881fb8a1daeeba80b068

SHA512
7ef0fd786fa91271466d67016bc27dc6f17f52ab269c115dabb123d8eb622380e8a596b032e51f205a622662932d088b0e98fd2ec490dcb8ac6b929e6616162e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs.js

Filesize
10KB

MD5
b1b058501d4659035cd6d784e4c8bf97

SHA1
e0f394b3ba268f99f21c3e1a93f1926d3fc09dc5

SHA256
5e90a9ec7496fc5542abf606880378141f86b2d2b4e110b4f75c9f66708357de

SHA512
e63f666b7e928ab5230ea46191bcf1f5f3431add44803d558d81e610a918410934df0628e217b7191df32430d588887449cbb4a938afbae8a2694e074214dbee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
66fee42ce61cd8a8e1c703bc8b27303e

SHA1
b0c6cc7aba2b248ec48daeace6f6b3e894a97585

SHA256
ff9603b661e93a40402c1327d6bd6869954703c625bbf068239a164f14f52196

SHA512
cb4f1a04507a867c7fc6cc790eb93941758a8ec9aa01e1a3ccad4d241db48c99460640cfb7c256eda6d78e4115e1f170c77ca64a244ffce8cbe69b2153ee2936

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
6d4089b5d4cd1736097c546227e76ded

SHA1
25c4a3b45708c8f3555ed437634af7b3e6e978ea

SHA256
af02155fb18e312e59120fc08deb7fd75a8e87adf9e279f83dade92797a4e318

SHA512
2fcc1f385a4557423daa394996de028b1c82a6f15c0d3f68da6db6f54f50178d4ebaf0c178a8d63a0db7b075279811d401da37fe98fab4984a0eb209b877a427

Download Submit