Analysis
- max time kernel: 276s
- max time network: 277s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-12-2024 03:53
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://isomicrotich.com
Resource: win10v2004-20241007-en
General
- Target: http://isomicrotich.com
Malware Config
Signatures
- A potential corporate email address has been identified in the URL: [email protected]
- Checks processor information in registry (2 TTPs, 8 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
- Modifies registry class (1 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings | firefox.exe
- Suspicious use of AdjustPrivilegeToken (6 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 4156 | firefox.exe
- Suspicious use of FindShellTrayWindow (21 IoCs)
  pid | Process
  4156 | firefox.exe
- Suspicious use of SendNotifyMessage (20 IoCs)
  pid | Process
  4156 | firefox.exe
- Suspicious use of SetWindowsHookEx (7 IoCs)
  pid | Process
  4156 | firefox.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3764 wrote to memory of 4156 | 3764 | firefox.exe | 83
  PID 4156 wrote to memory of 2600 | 4156 | firefox.exe | 84
  PID 4156 wrote to memory of 3720 | 4156 | firefox.exe | 85
- Uses Task Scheduler COM API (1 TTPs)
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://isomicrotich.com" (PID:3764)
  Signatures: Suspicious use of WriteProcessMemory
  - "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://isomicrotich.com (PID:4156)
    Signatures: Checks processor information in registry; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {141d7b9b-a9a7-407f-859a-ee9a27ee2c5b} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" gpu (PID:2600)
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55aadf77-93b4-402a-8a46-17e8adab98b7} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" socket (PID:3720)
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 2468 -prefMapHandle 3144 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {927476b5-eddb-419b-b470-d9af3d869a4d} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab (PID:2140)
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2980 -childID 2 -isForBrowser -prefsHandle 3152 -prefMapHandle 3032 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {815a74d1-6603-451a-aabb-39cec6a5a798} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab (PID:3148)
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4548 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4340 -prefMapHandle 3944 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ed4484d-1ced-47b8-b540-a4c5b6143bb3} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" utility (PID:2640)
      Signatures: Checks processor information in registry
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 3 -isForBrowser -prefsHandle 5620 -prefMapHandle 5616 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {182da248-3765-4962-9613-88693595b1c1} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab (PID:1152)
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5820 -childID 4 -isForBrowser -prefsHandle 5740 -prefMapHandle 5748 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e15f5a0-60d5-4a14-a0df-4660ba803b23} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab (PID:3100)
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -childID 5 -isForBrowser -prefsHandle 6016 -prefMapHandle 6012 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d598b9d3-db6e-4904-b61a-f250d22e5ba4} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab (PID:2664)
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6216 -childID 6 -isForBrowser -prefsHandle 6156 -prefMapHandle 5948 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {037ca3e9-5de9-42b9-87c7-16bbadfd4d72} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab (PID:4620)
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6404 -childID 7 -isForBrowser -prefsHandle 4352 -prefMapHandle 4356 -prefsLen 29278 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13383354-71fa-43db-9f5a-da7633ae96d9} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab (PID:4740)
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6196 -childID 8 -isForBrowser -prefsHandle 5552 -prefMapHandle 5520 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b3b0bc5-f589-4cdd-9e0e-29bdd754a5ef} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab (PID:4384)
Network
MITRE ATT&CK Enterprise v15
Downloads