hxxps://opnform[.]com/forms/attachments-ktrqco

Analysis

max time kernel
54s
max time network
55s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18-12-2024 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://opnform.com/forms/attachments-ktrqco

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2420	firefox.exe
Token: SeDebugPrivilege	2420	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe
2420	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 2420	4960	firefox.exe	80
PID 4960 wrote to memory of 2420	4960	firefox.exe	80
PID 4960 wrote to memory of 2420	4960	firefox.exe	80
PID 4960 wrote to memory of 2420	4960	firefox.exe	80
PID 4960 wrote to memory of 2420	4960	firefox.exe	80
PID 4960 wrote to memory of 2420	4960	firefox.exe	80
PID 4960 wrote to memory of 2420	4960	firefox.exe	80
PID 4960 wrote to memory of 2420	4960	firefox.exe	80
PID 4960 wrote to memory of 2420	4960	firefox.exe	80
PID 4960 wrote to memory of 2420	4960	firefox.exe	80
PID 4960 wrote to memory of 2420	4960	firefox.exe	80
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 1280	2420	firefox.exe	81
PID 2420 wrote to memory of 4480	2420	firefox.exe	82
PID 2420 wrote to memory of 4480	2420	firefox.exe	82
PID 2420 wrote to memory of 4480	2420	firefox.exe	82
PID 2420 wrote to memory of 4480	2420	firefox.exe	82
PID 2420 wrote to memory of 4480	2420	firefox.exe	82
PID 2420 wrote to memory of 4480	2420	firefox.exe	82
PID 2420 wrote to memory of 4480	2420	firefox.exe	82
PID 2420 wrote to memory of 4480	2420	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://opnform.com/forms/attachments-ktrqco"
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://opnform.com/forms/attachments-ktrqco
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bea87c1e-348e-4bbe-84d5-c5956f866bca} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" gpu
    3⤵
    PID:1280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2472 -parentBuildID 20240401114208 -prefsHandle 2448 -prefMapHandle 2436 -prefsLen 24759 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6056a78-45cc-4bdc-967d-3c8bb13fb632} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" socket
    3⤵
    PID:4480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1464 -childID 1 -isForBrowser -prefsHandle 3336 -prefMapHandle 3232 -prefsLen 22700 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cca7db3-f06a-4726-be3e-6b247f0d4100} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" tab
    3⤵
    PID:1532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3676 -childID 2 -isForBrowser -prefsHandle 3672 -prefMapHandle 3668 -prefsLen 29249 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd1f5a43-9bfc-4b09-8028-d4acd09df259} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" tab
    3⤵
    PID:2536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2628 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4556 -prefMapHandle 4552 -prefsLen 29249 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f47ed9a9-896d-4425-8c22-10af524f587e} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" utility
    3⤵
    - Checks processor information in registry
    PID:1468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 3 -isForBrowser -prefsHandle 5444 -prefMapHandle 5440 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d2d77f5-d857-4953-9d27-52824bcd5f22} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" tab
    3⤵
    PID:4644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 4 -isForBrowser -prefsHandle 5592 -prefMapHandle 5596 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ed5ad98-968a-46be-b72e-24ed1903e1a0} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" tab
    3⤵
    PID:2916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5788 -childID 5 -isForBrowser -prefsHandle 5868 -prefMapHandle 5864 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddcee6b4-4324-49cd-8292-6470ddde9822} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" tab
    3⤵
    PID:2976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6308 -parentBuildID 20240401114208 -prefsHandle 6312 -prefMapHandle 6128 -prefsLen 33517 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6570af93-7977-4161-a8d6-63d27b7045ba} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" rdd
    3⤵
    PID:2492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6444 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6436 -prefMapHandle 6340 -prefsLen 33517 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae261a80-538f-4620-89b4-9698eb3d4167} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" utility
    3⤵
    - Checks processor information in registry
    PID:900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6828 -childID 6 -isForBrowser -prefsHandle 6868 -prefMapHandle 6864 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a855fb67-fdcf-4c62-8345-eaf651f9b59b} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" tab
    3⤵
    PID:2268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 7 -isForBrowser -prefsHandle 5500 -prefMapHandle 5352 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1f5d41d-82aa-4b85-a773-09e74b48ab8a} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" tab
    3⤵
    PID:4880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7032 -childID 8 -isForBrowser -prefsHandle 7056 -prefMapHandle 7060 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d19c5b3-3196-44d9-adbd-f68a5bdb38f6} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" tab
    3⤵
    PID:460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6012 -childID 9 -isForBrowser -prefsHandle 5552 -prefMapHandle 5524 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d310d1-f003-4e2f-83fb-0e6e2ef11a68} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" tab
    3⤵
    PID:4952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6292 -childID 10 -isForBrowser -prefsHandle 3624 -prefMapHandle 3608 -prefsLen 28013 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {196126dd-f9cd-44b3-80f7-380b5952de9b} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" tab
    3⤵
    PID:4692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 11 -isForBrowser -prefsHandle 3892 -prefMapHandle 4776 -prefsLen 28063 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56cdbdf7-dec5-49d6-9329-19145dbcf108} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" tab
    3⤵
    PID:2032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5608 -childID 12 -isForBrowser -prefsHandle 6204 -prefMapHandle 6760 -prefsLen 28063 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51f67903-927e-4416-acc4-45875ad8241b} 2420 "\\.\pipe\gecko-crash-server-pipe.2420" tab
    3⤵
    PID:3500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
807f28949e623deb05bc454a11f4421f

SHA1
85c2834ab210d2076f722dc8143271a5fd4ca834

SHA256
e82d7f1dce7135e9df023eb6b03439567aeabbd224a515e576fa5b6f4a3fe23c

SHA512
cbfa352d10cb52a3df1b64985e6313e25da37e76faaff7ad91cd074993db59d50cf3a4a96cf108a0e19f158e72e90420c81aa82d1377db4f3b650128d5627088

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\AlternateServices.bin

Filesize
7KB

MD5
1f22178148b7158d4c515d286f68ebf1

SHA1
4059f07dc9d12b5705603fcf12cc33eff2d8161f

SHA256
f2789671e9aa5b20547512c311929d6b3765b593fa21c0285afd57da0b27024e

SHA512
b047b35b73edba8462b64d6fede486b1a155da35f2a8d5f74b29aba98b901d9d3ab503a925d2f93e2d6411d6db135720fa377ad07d7cc48413b8f8d313fefd8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\AlternateServices.bin

Filesize
20KB

MD5
89717dff7f02b491dca1138f9ddac9e2

SHA1
71fb66d700ab91869d4e184070867bd8ba4dffe0

SHA256
015aa5ac3754d9a398eee0a57ab7b0370395ea0ab430cd5f15a545597aab97a2

SHA512
98cc751d91887e7149c2f71409566a5000322e76ae45d7c105b3be4bb295e4ca99262b84d8e3cff322fd22cc4bac807d06a1651535b790c3f0d9107282c45066

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d58fdbee5a197be0721830962902bf2e

SHA1
a502c1fb2e002b5f0be44ee8fb9b5f5f0917bae1

SHA256
c11a4bdcb87215eeb593224acc1bcd8fde7211b2ed0db7d221c2e45bf0291cdd

SHA512
0b829540fed1f08eb4c97a23a2ec346dae205b7eddb2181dabf3beef8f68736d89eee673faf86791d800a3d9aec66dcecb80880aa8817bfc3d2db4444a826de8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
fdf037dcc2b4af4765d78f100eed23fa

SHA1
134d1253fe9b4dbf0e9a149e5d9e4a698beaf3d6

SHA256
3a72b2b9f4b56b601842abc6d7315f512b625f42daf1a4d9c94a82e94a6e7656

SHA512
6fef218cabbb8c0b961373a8b391ed515b8dfe9f4275af60f93f149d5869c903afda50cc4ef3da24cdd07f58e35a4f1f8af198427a9e42fa1e88c188b869cce1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\084b7ab3-e5d0-45be-880c-5781cb97e6d0

Filesize
25KB

MD5
a36a506c5bb442214ca2e8d93d8400a8

SHA1
45c6c9b2f596e9baff59c852050d75a877525cd8

SHA256
88d0bed89bedcf9e54d90049265025c05350eca6ebe23308cd8993b4af12f980

SHA512
083d5d3904e0c7872d6100787b5253291274bdf5194953fbbb0c9391028ad605a7ad0208ed7170d5dfcca8f9b984b7dc6c108df9da0a59e3b2e9a68b7272105f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\2b56e9ef-734f-4a90-a8bb-6266c1b0af5c

Filesize
671B

MD5
da82ca8fb32887acdbb4e9161aacfe70

SHA1
34a80b901419bbafe9823a368edc095d53b3d6b8

SHA256
a1cb7187421206dc7935111729a24eeec13190e8841c0ce2ff22204688a850a9

SHA512
d88eb0e93fe2e0997971d158665effffe5c9ddc5d387411522f6912efc18f5522db4dd3ec64098cef0ef081ef79f50813df8f6c073b86deddecae49dafba8411

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\35adf3f4-018f-4abe-acb7-93520cf167e7

Filesize
982B

MD5
6a7b73aca5400597649f2e1f43f450ba

SHA1
ece98a67fa746167a434cd93e5b6d9240f9f5e04

SHA256
a25d720f5e922dc48f89331648ef018eee0d3ffd585f8feaba7c15e3b09c9f2c

SHA512
559cb861fbea19ea48342d4b7852eea752e28bb3bc9822faef5832ceebed4597dcf712099a4a93cf3ae6ca2a295a9b224236f696563561f677a5ec9396a4df2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs-1.js

Filesize
11KB

MD5
7b40ffbdea8cff24f91ed451d3daceb6

SHA1
61cdc613afe59fd399abc67a2ee2732ffd9e35c5

SHA256
e9d626baab6ae83a0291c06c7b146e49f3bed968b2d4c8045489218038eccbcc

SHA512
692a82969df8fd38750488d0d97390948a88f05446e0448062fefff13471e62c76841df9a51d8f83aec293d4adc06ef3eb066ef366b7152d152a49447cb64518

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs.js

Filesize
10KB

MD5
403a18589f2d540c622df9cb9e5cda93

SHA1
55b8c437d16e518ff4f21b8ae453666b7c9fb2a6

SHA256
892bf8c40826bf780809abaf3249316a57acea170efef5fb0397fdaac46f859a

SHA512
7552dd111392a47d2a81b0fe82563f2ff909b768d6dbb21d89a5913f86502e13e9b99d62c996be2186e4b7ea54b7215adeee05e281154509a29b2f824c49abb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
1b306dfaf9a1a6fb2fd075620981c410

SHA1
81f816e155733dc47215aa735cfd7e5f032bba0a

SHA256
c7dadb5735e44a304d7a913ed4e0c2d7296b59268354f19dfe44ee35b2ba33e5

SHA512
d3431353f24280783a195bc5535f9f36d2024a33ff7d3a6ad059a9a11ed99a0532008eae5ab8a52cbc4af403f33d763d0f92468419521a9dcf714fb9f3ca4af9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
11KB

MD5
c100bce37b100bd49e59a6d87015b6c0

SHA1
6187defb1f2bf956419e9e5e13cbdd61fe70c0d8

SHA256
7e8a716d2695daf21794c14801a7e516131dadb3318651f3b05d0b18770098d2

SHA512
cdc3c51d19c44abe5a02a428e09137097446721ba2accee11140948cbee64b5a5cadbf72987f70e5a84c2ffaad716482daaff8d6090e6e3517c6f2c445a23bf1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\storage\default\https+++opnform.com\ls\usage

Filesize
12B

MD5
59c592039b5e99942440777f29fec021

SHA1
f8ab07866879dfdb20530887b9fc6cac84001326

SHA256
d1cb5dc38962fa0de8dd1b6db165f20f4b38c75b9fd38ffbf4d73b16e75368e5

SHA512
a32ee984e6fc2970f548cff9db8ce3167edbccfa933ad9357f535f712d272cbe55ae6656abe206cded44a2154d7e55b8d715b6d1bfb93e9caddb924dd8c602f9

Download Submit