hxxps://is[.]gd/CmxYJL

Resubmissions

23-12-2024 20:52

241223-znrh6a1ler 1

23-12-2024 18:06

23-12-2024 18:03

23-12-2024 17:00

23-12-2024 16:51

Analysis

max time kernel
38s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/CmxYJL

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5080	firefox.exe
Token: SeDebugPrivilege	5080	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe
5080	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 5080	640	firefox.exe	84
PID 640 wrote to memory of 5080	640	firefox.exe	84
PID 640 wrote to memory of 5080	640	firefox.exe	84
PID 640 wrote to memory of 5080	640	firefox.exe	84
PID 640 wrote to memory of 5080	640	firefox.exe	84
PID 640 wrote to memory of 5080	640	firefox.exe	84
PID 640 wrote to memory of 5080	640	firefox.exe	84
PID 640 wrote to memory of 5080	640	firefox.exe	84
PID 640 wrote to memory of 5080	640	firefox.exe	84
PID 640 wrote to memory of 5080	640	firefox.exe	84
PID 640 wrote to memory of 5080	640	firefox.exe	84
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 2008	5080	firefox.exe	85
PID 5080 wrote to memory of 4812	5080	firefox.exe	86
PID 5080 wrote to memory of 4812	5080	firefox.exe	86
PID 5080 wrote to memory of 4812	5080	firefox.exe	86
PID 5080 wrote to memory of 4812	5080	firefox.exe	86
PID 5080 wrote to memory of 4812	5080	firefox.exe	86
PID 5080 wrote to memory of 4812	5080	firefox.exe	86
PID 5080 wrote to memory of 4812	5080	firefox.exe	86
PID 5080 wrote to memory of 4812	5080	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://is.gd/CmxYJL"
1⤵
- Suspicious use of WriteProcessMemory
PID:640
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://is.gd/CmxYJL
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0846d12d-85b4-427f-8abe-1cff677f0857} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" gpu
    3⤵
    PID:2008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2460 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d85fcb00-1e65-4914-8b73-508df6fe23d4} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" socket
    3⤵
    - Checks processor information in registry
    PID:4812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2620 -childID 1 -isForBrowser -prefsHandle 2844 -prefMapHandle 3168 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {357b023f-4c2a-4c82-bbd9-ae5ca2282ed4} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" tab
    3⤵
    PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3908 -childID 2 -isForBrowser -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14bff439-95fa-4d49-a0b0-f2e10d8248b3} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" tab
    3⤵
    PID:516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4864 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4852 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a92ba653-af6a-4f9b-accf-15c4e792f32c} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" utility
    3⤵
    - Checks processor information in registry
    PID:1836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 3 -isForBrowser -prefsHandle 5412 -prefMapHandle 5404 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d9888b4-815f-4bc8-bdba-6c8c86f0a93d} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" tab
    3⤵
    PID:2400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 4 -isForBrowser -prefsHandle 5644 -prefMapHandle 5640 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a85b12f1-7b6f-41fd-bd46-ae8bc9f1ec38} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" tab
    3⤵
    PID:1012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5852 -childID 5 -isForBrowser -prefsHandle 5764 -prefMapHandle 5640 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee16ad00-5bfd-4fbb-a26e-8e76fe364ada} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" tab
    3⤵
    PID:3492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5996 -childID 6 -isForBrowser -prefsHandle 6044 -prefMapHandle 5436 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22dc8ab2-b048-4218-89b9-c9a4cd9f7c34} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" tab
    3⤵
    PID:3708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6284 -childID 7 -isForBrowser -prefsHandle 5492 -prefMapHandle 5464 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d81b4de5-8206-4e2a-b05f-acdccf605434} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" tab
    3⤵
    PID:792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
36e37597c7d254c29e513be4efb242c6

SHA1
79d3dfa6a7b61a2cc01f534b26713fff2dc63e86

SHA256
3b7ced9af9a93787bf9e0060605deaebef2294444c1b38f4419df0530ef74606

SHA512
a1c74361bb992e73c9b6a91ae65b1e9e69137ddd193c525e15b8cbb2c207975b314d0f44cec645303ac37dedc9e6e763fdafc44731898bc6ebded6a5b84b535f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\030516E90D0C3E232BEF4DCE7CF1AF7DD972A088

Filesize
8KB

MD5
d00bbaa832cad7cdc1a7aa3283d8d657

SHA1
b775c208a2c74b58aec83f3794a9d252aeb5bb00

SHA256
d46fb7ca6e1126b65f1463e6cee03dee51b4de9e913e72b56a1449e560a81184

SHA512
db1ac3084927f9ec5a1b9a328923fdc62e6d20d863f55366617679e79759dde7d87b6e4443c357ebc7eaec46ff7a3d8e11d50bccc6a09ea4e0c6ffc84de6897f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\3DE55554987F92301FC68CD8102F851A9C0B9E32

Filesize
30KB

MD5
3fb8d6d34bf86a9e281e075c3cd01871

SHA1
b49c0f2caee242c27dbe2ebd1ec6bc0ef297aade

SHA256
7c3bba2d51e98f2eeefee9ab9688ec3df25cc089d04b9a2a2c35372f99430e09

SHA512
3985cc99f9a2f0e45a3aa75f8d94061caae2e8189d190ee7e49c84b3cdd56fef8a30285008081cfc62bfe0497e9567b4b9a914edbfb048224543e41ce6a7a67c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\53ED51D2B95F241527B12B88C0A29501900A22F0

Filesize
13KB

MD5
2d9bc050b63df2fec8c36e92779af792

SHA1
08f2c9fb6f43b5cd4810f8997fb409b77cf21ae3

SHA256
5d38d6534899e15a3455006c54f8e87805675830f2466f7922ae8557e7af9e7d

SHA512
6906166a5d6d7981fea0e8c207279eb6c8f476500e267e699fed2b0891f1d6288cff64fc0eae99a60b715e76300ef41b860f83d2a271a9d8f0f434b49106d1ed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\64233787F4EDC08C556CB3654BDD818A6CBF9772

Filesize
118KB

MD5
88b2f70cd462cef6c861c487e9b0771c

SHA1
f034cd0c8279952731a0ab611dedf5f8361b2571

SHA256
c205992a1e74bc4f410f6d4f9f62d5149dc1243e61a9a07beaf72d5032c4e051

SHA512
e781edf19c9c9dffb2bc89e364aaa98b0ee545cf0a4604667284f8161f638956c1fd9cdd3cd59fd55e9a94482dca37950a96291c11a55337691f73ee288a61cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\8F3FEC0B6FA39D2A4BC8E951F95A83EBED4C5435

Filesize
29KB

MD5
2a9cd70891eab3a805cb83f4dd60706d

SHA1
f10e2e38748f0ca6ccf4219d2fc458787cd6c808

SHA256
57f18da21b3f31d8655aa7374e17878eec3da4536000c76c88a78d8405c7105c

SHA512
ce6f50e5b7e17a33eae76447ff3d399c99053ae696ae319701ee7e0b3312d1caaf3d5bf4d38ab3cd3edbe1f341c35b984584b43b78b6a5fa21366271ecb8e63b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\B417FD047FE215266B9019860F787234795C4B23

Filesize
14KB

MD5
65006ae6e720549128049df3133f0bb5

SHA1
c17033ac8bf895fa8f4589e5dd9e612288b0d274

SHA256
7bdc1336978aff1964411aa3f020538cbeae11eaaf95637efd5a18e9c0634a06

SHA512
163e763c455a9b5ff2c8caa4881ad8c8e156402111c67a566a98c759a65fc799f2d81221bbbc81e2a125875a482f806d334509894e864eb42441a40caea525a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\BE35D6DDF67FAABE99DBE4FB53E3212C3D68FCF1

Filesize
30KB

MD5
a8c1a7a1a13c45f3aeea0f3023465be4

SHA1
8d7bba47e4a100f24cb8b6f4c40da9795c3a18c7

SHA256
8bce072a3e7e2d59806ef222adcd66bd7bbb94c4770ff3f6434a4cc004a64e8e

SHA512
be039073070a768647524d8a0f49631ec3377036aa7369b45e0944a6ead9883df4f85342fdb294afff1a169cbaa4d2d1c75b9c66bdc3e91295bdb814c8301404

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\D10E7C584CAE7093D310512153430F23D68D1466

Filesize
11KB

MD5
165f6fca5035602f5b65db0fd15dee94

SHA1
e7f12f0de16f77efd3312568de829481baebd26c

SHA256
8f5d85efc0f84dcb3d41e888c8b74c46427a03243275b01848eb0c7fdf1307d6

SHA512
c83ef607e85ba4dbf3857443ecedf4ff7e05d4fe031830fc00f2d44f959d35d430407c398100da3d84ef1944c7df4566152352b4d76b6f88666405542ea264e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\D7686B5CC65E873F57FE73F0481B703EEE75FD89

Filesize
34KB

MD5
e9f2f12f011511b8541bb336780ca151

SHA1
bd152202bbc181bdcef42f40ec1277dad7b2b31a

SHA256
7635621ca5ae0e331cc08ef2d2ba96aa0800cb0f9ebb5cb0e77652ea45758ab1

SHA512
d7c99a44bad433c7a20437dbef4e282e01acc4b222d3ec12ea71a55de43c0b04315bf16b79d19f8bb0d40e20643180417b829dac9ae637be491a0738b332ae5f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\E2A03745CA8D8444A9662C59D2C9AE6E50CFB3EA

Filesize
49KB

MD5
d7be4bf93b72d346eb3da9231627fded

SHA1
cc7d71825562187e390714c90ad375418a326f8f

SHA256
5edd0ebe6f7178dd52c1b4d75a43139389f1f4917d92257d5465af0da568b6fa

SHA512
479a70b5d678c0a7504f0f70ba90d4726e99bcdc257a4bc6dc608292cfc0352d46d960c902a53cbd49f29a604019c8f63b88373846b2798a42f2236377e2f662

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\E2EAAD9B1AFE32ABEF1153443EB19977EAE33534

Filesize
31KB

MD5
e4704ece8e864895eab355a071abeaac

SHA1
a3fc3a72bca577f5c7e4cecc0ee4c3f4d3880bda

SHA256
d40cfb8e2f5a008c6a80e260e908455083a40241231ed2d868b381002bf5c9bd

SHA512
cfc5e3489ed6097f0fb875f9af2c7130b309cc71a0c351f62b40ffc15efe31a0c282a48cc6f8fb59ce98f4da27e440a19708069fc9faae38e36e6b62eb6f45cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\F38FD8FE84397B86B20E0454AC960F4DEB3B719D

Filesize
36KB

MD5
72386dc871400d772a2216e88feb9962

SHA1
e75c4784162325fd5281a7d73f9057e17086861b

SHA256
c3a49e1d78c02ef4ff8b9e520e0a7f74ad8e2ea0e203d2316e72cc12e22f8fad

SHA512
88bd056653a9e6ce50cc3914b92e6bd8f9391511f874a09665310ad269d9f012db37eb5928a2b52fbd14dae5fa5b566613f2a45311a6e6a27d68e2cffe57bfa7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
6KB

MD5
0b06204e20e1e73f0a94c3d8a011b573

SHA1
d0798c63f6c62c594952ce287df6ccd556e2518a

SHA256
063d75118c08b452e05c7a2b825d9e78804fd1efd5fae32c0aa2b134b4dcbd62

SHA512
da81e5813945613c96cb2669675dd5e1970707b0a56375883f7c9e29fa584a0ea345bcb64790b6f6b1147c289fca06aa2d3536aac1131b589d794af0a40b85db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
10KB

MD5
1231954cd37261e2ef5067ba28538d58

SHA1
6c5a26ae8d2e720a60ee958516742406ef16ae15

SHA256
1c23da218a214b80340df45fa923ff68a95cc06eda1f1c24c459f5497398a09a

SHA512
1f3a84609a0c307ef71ce974a1ebece3e1782f8610baccdc8ea997bc77e2f9d1bc5553cb18fb3d5c291894afb84f5b42158e2b7be59e2380b4a6d7258492bfa8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
942bc9efdf5669ae97eec614a529e1b1

SHA1
28af116f7a30c8e08237117ef5e264cc954ac9f2

SHA256
bbe1d8b71931ba8bb1bb5dba831556f457db1d4b13d2176f20d42a837f8a433b

SHA512
318c47a2f0640c59d61164ede6ae796fe34aaf6215181a8e2a84fb91fd82434070b87358163b321160018a8adeb8c690cc46b0093943a8906f6a9012d274570d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0fd552d12c5777490a96247d4bf890cb

SHA1
85b7e990da25a5a3155b17a81b350b90d643775b

SHA256
71ff08e87277b487c466a269052ad28bdb3178492853e2075c8931d4638db64d

SHA512
5d876bc085d1786fa9eb59370e48b7671676697e505caaa09094d9654dd0cde93291833b2f7c5950492890c0c5a19c89ef3293d7010750f551fb9f66148c1181

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
5210280e140cb16a353d479392bad4c8

SHA1
1d88d0715e02dafa8c9e0d4e6ad2ca2d8df602d0

SHA256
8315871e9f364dcb684db31841343181090cc18390a4eeff8e2ba7f12f1a45ef

SHA512
f252d5529476415a9e4d22d53afe3a8a30f197373d130561e845a55397f887f7f62da5819786aaf3a0a775b46a46a8f9320cb90938ea67ea4d6895207b410f7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
81afa6c74b63cb8e37c7178d4f17996b

SHA1
598357b933fbfb6f2945d5b431d063214b3bed04

SHA256
263aec48136d5e92f75b1389281f5c51f4f5d598130db6b4ec577621f23f4539

SHA512
7211f19c734a335035bd78770f8cc889145ff7b98d202e331439abb9112ef679bc75306c2aa0af0af2490f6d7b8a8fc2fcf1c9c5bb52a82540ba4d366ab4cc35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\8a2c48e4-4a95-441d-b41c-4e6558a812e4

Filesize
982B

MD5
b042539a813fd91013a38d1e48363935

SHA1
88cb2120af0d977cfcbe1f5c081fbb26be6f1f16

SHA256
5fcac663cf06f835d739684ac368f0e483c9197e9884e29135a28a3805ca8aac

SHA512
14bc4c0c1ebf272e127aa53ab3ca39120285020dddfb612ca4a447ea3df906dfe252a22b01135e022766c9cce5b25d70b6dc72c5b016452a0407405aad82c40a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\bfad0ae1-d2ee-47d5-9b05-47668968a9db

Filesize
671B

MD5
fbf150f9f6efb98db5e18d342156abba

SHA1
d92d66785eb64c1818feb3de617b3cc13037eeb3

SHA256
ef96abc8ed7a628713698884635cf2677c0e18d4b37d5f5b407c66155b2c7029

SHA512
97aac73033b76d7f8edf88d5eaac857e12950cbcf543da42f971128f013940b02d178248016b749b1a584eb6dc32780b2a251342a10fec5ff380578a588d50f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\c4d45bee-2a22-4b4b-baa9-12ecd46594e7

Filesize
13KB

MD5
878152dfb3bdc4a3df41d317332e4026

SHA1
da5158673db458945d19be7fc3cefd2c0c9624f6

SHA256
b154af358b37f79fee2276b8a64a2fcc5785b2ef09a9d08a742fa6c149f0fae1

SHA512
471327a6cd5fb03c5ef2d6f1c42a8d40a19a309ba13aacb68b3ffdf129f06450c71ff7ead73f91af7ef3c9277f6b95b42c47a95e1fb8774a6a4b51a9330a2410

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\ea5c2be9-fd80-4135-9567-2e382cc08783

Filesize
24KB

MD5
c364b27ffa870af7e7982947d0e982d1

SHA1
598fea709887579639cb32d3e6cb0e2ab5f83e0d

SHA256
7f44582e3a054965d571c14c53ad29db2590d4b6ba28cdc52edb4dcb11ec6a93

SHA512
df3399b2c847907d4d29cc1cf393d7412332fab0dff99b60d91e8ac7fadc4a0e4dcf5144d65e220a1b7a73419d9fbd8226156402fdff10ab68087a1c9c2f2c43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
10KB

MD5
e53ffc250ce05c4e4a9cb4699a18137a

SHA1
5c1f9de2a852220f8fbbc870025382c0e176d6b4

SHA256
3eedfe527a08b1041fddb0f02e5ee964c45a29144a3a1dfc45b731baddd4e09e

SHA512
5058dbaa6f9b717514f0e5d33b90fbf40f937dc5c646bb4ba2a2afd8a2b11b7169c5711d686bbe98db0e96e1e7a1512d0e80bcdccbe0105a37d3e40b1f6b09e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
11KB

MD5
d0e6c24eeb784a3e064fee890510062b

SHA1
7060016f1ad688b74cfc4f5260114904c1b6f24b

SHA256
3f4a438dffd796d9b8905b45db993959c8d0bd771463292cd6edaa4025769f24

SHA512
c9ed43b59d93babe9c8b4157f16cfe90253fc2d84219e6063f0e068d41e5c571d32330030acde1e0cc10a5887feb8b1c52a46fbc972496b3646924702a30483d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
10KB

MD5
38b4430b05e49faa6c5d87937a4c264a

SHA1
79a97fba27d9976d2d91494173ab7e10df85ea86

SHA256
5946658247492e480762fd4d35df93445879555d32aa6943d8926d7cae3735ec

SHA512
72bd9bdb75ca8d40a7f4530873f55e5816ee6fd4b24d753f0b068f2df641d3185f0f5fea23bb206fbd9bdd09345dd5a86bb42fed5b0fbf865813fa2664fa1931

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
52fa3aed1d71fb4946173c0616738ecb

SHA1
17f70ef202891bf0156c67e07258da61ba8dd216

SHA256
d0aebb14804aea283cadf539ebf09d7c5dfd7d71d797e67dfec5a08510fa98bb

SHA512
b43739ff9b720c3bd68adce2ede7e4656d93ee87b0a1b2f7b5a6391927eb219180d645d847acf9535779606a0d1cee591de4fa571a75cd2e4431d020c160035c

Download Submit