Analysis

  • max time kernel
    276s
  • max time network
    277s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    22-12-2024 03:53

General

  • Target

    http://isomicrotich.com

Score
7/10

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: [email protected]
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://isomicrotich.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3764
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://isomicrotich.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4156
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {141d7b9b-a9a7-407f-859a-ee9a27ee2c5b} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" gpu
        3⤵
          PID:2600
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55aadf77-93b4-402a-8a46-17e8adab98b7} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" socket
          3⤵
            PID:3720
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 2468 -prefMapHandle 3144 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {927476b5-eddb-419b-b470-d9af3d869a4d} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab
            3⤵
              PID:2140
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2980 -childID 2 -isForBrowser -prefsHandle 3152 -prefMapHandle 3032 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {815a74d1-6603-451a-aabb-39cec6a5a798} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab
              3⤵
                PID:3148
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4548 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4340 -prefMapHandle 3944 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ed4484d-1ced-47b8-b540-a4c5b6143bb3} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" utility
                3⤵
                • Checks processor information in registry
                PID:2640
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 3 -isForBrowser -prefsHandle 5620 -prefMapHandle 5616 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {182da248-3765-4962-9613-88693595b1c1} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab
                3⤵
                  PID:1152
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5820 -childID 4 -isForBrowser -prefsHandle 5740 -prefMapHandle 5748 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e15f5a0-60d5-4a14-a0df-4660ba803b23} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab
                  3⤵
                    PID:3100
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -childID 5 -isForBrowser -prefsHandle 6016 -prefMapHandle 6012 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d598b9d3-db6e-4904-b61a-f250d22e5ba4} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab
                    3⤵
                      PID:2664
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6216 -childID 6 -isForBrowser -prefsHandle 6156 -prefMapHandle 5948 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {037ca3e9-5de9-42b9-87c7-16bbadfd4d72} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab
                      3⤵
                        PID:4620
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6404 -childID 7 -isForBrowser -prefsHandle 4352 -prefMapHandle 4356 -prefsLen 29278 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13383354-71fa-43db-9f5a-da7633ae96d9} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab
                        3⤵
                          PID:4740
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6196 -childID 8 -isForBrowser -prefsHandle 5552 -prefMapHandle 5520 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b3b0bc5-f589-4cdd-9e0e-29bdd754a5ef} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab
                          3⤵
                            PID:4384

                      Network

                      MITRE ATT&CK Enterprise v15

                      Downloads
