hxxps://is[.]gd/rAK6FG

Analysis

max time kernel
429s
max time network
430s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/rAK6FG

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	968	firefox.exe
Token: SeDebugPrivilege	968	firefox.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
968	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 968	1260	firefox.exe	82
PID 1260 wrote to memory of 968	1260	firefox.exe	82
PID 1260 wrote to memory of 968	1260	firefox.exe	82
PID 1260 wrote to memory of 968	1260	firefox.exe	82
PID 1260 wrote to memory of 968	1260	firefox.exe	82
PID 1260 wrote to memory of 968	1260	firefox.exe	82
PID 1260 wrote to memory of 968	1260	firefox.exe	82
PID 1260 wrote to memory of 968	1260	firefox.exe	82
PID 1260 wrote to memory of 968	1260	firefox.exe	82
PID 1260 wrote to memory of 968	1260	firefox.exe	82
PID 1260 wrote to memory of 968	1260	firefox.exe	82
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 3936	968	firefox.exe	83
PID 968 wrote to memory of 4900	968	firefox.exe	84
PID 968 wrote to memory of 4900	968	firefox.exe	84
PID 968 wrote to memory of 4900	968	firefox.exe	84
PID 968 wrote to memory of 4900	968	firefox.exe	84
PID 968 wrote to memory of 4900	968	firefox.exe	84
PID 968 wrote to memory of 4900	968	firefox.exe	84
PID 968 wrote to memory of 4900	968	firefox.exe	84
PID 968 wrote to memory of 4900	968	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://is.gd/rAK6FG"
1⤵
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://is.gd/rAK6FG
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b49a481-54ac-4e5d-a34e-1dee5404c6a3} 968 "\\.\pipe\gecko-crash-server-pipe.968" gpu
    3⤵
    PID:3936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af2fe187-151a-4ba3-b9de-1f353ea0f22a} 968 "\\.\pipe\gecko-crash-server-pipe.968" socket
    3⤵
    - Checks processor information in registry
    PID:4900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2932 -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 2980 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c765070e-5179-45d9-861f-cf9e3edd2cef} 968 "\\.\pipe\gecko-crash-server-pipe.968" tab
    3⤵
    PID:1964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3572 -childID 2 -isForBrowser -prefsHandle 3748 -prefMapHandle 3744 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ad931a6-8a32-4a50-8b72-6e1e1d3acb7b} 968 "\\.\pipe\gecko-crash-server-pipe.968" tab
    3⤵
    PID:2124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4812 -prefMapHandle 4808 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {634e3962-9854-4a6f-9a2a-de91965babb2} 968 "\\.\pipe\gecko-crash-server-pipe.968" utility
    3⤵
    - Checks processor information in registry
    PID:4280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 3 -isForBrowser -prefsHandle 5376 -prefMapHandle 5372 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0545a52b-6ff2-47d7-81ae-28b846d0dd57} 968 "\\.\pipe\gecko-crash-server-pipe.968" tab
    3⤵
    PID:2408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 4 -isForBrowser -prefsHandle 5688 -prefMapHandle 5680 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6630da4f-d752-4261-a5eb-156b0478a398} 968 "\\.\pipe\gecko-crash-server-pipe.968" tab
    3⤵
    PID:4300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5876 -prefMapHandle 5872 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {417e81e9-f216-42af-b8ff-532ad6356eb7} 968 "\\.\pipe\gecko-crash-server-pipe.968" tab
    3⤵
    PID:4296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6032 -childID 6 -isForBrowser -prefsHandle 5884 -prefMapHandle 5880 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dce0972a-93c8-41a2-b80c-584a5bcf0fad} 968 "\\.\pipe\gecko-crash-server-pipe.968" tab
    3⤵
    PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
445c409508a9989d2a607c810707c3f2

SHA1
ae1ab40e636777c80cf0728589334d498d3d9607

SHA256
a2ae5ca1b838159d5f8fe66a63a3338b4fb7c108ea2d3f77602446d357f1fc07

SHA512
080bce7dcf71422d0e949b842f05e3dbb74428cac15d689e0a24e1319bd9cc60cb74ba38951f851421ec290c2a8b8ff3a258820e2facae14878da9bcf15aed5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\05769CC5C751EBDEA672C4F048447BE407E1E0AC

Filesize
33KB

MD5
a80a9af676a828fbc7d70eb7c99785a9

SHA1
5db3a738c1938d0e36462f318b774a8ba27ca77f

SHA256
ef1cc9184e17b738af0d2d9b69b026e8851e0ed21bf73d737681f50326f16845

SHA512
0cec16fb59b5e42426a13abda7f36ea5eac4b45d2a8ed7016d4613b9b0c8e9144c954e58f440cd259de23675b3a6cdf97b3c4320483fb760ad66f0c87f9f1090

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\2B23B8C6F922F2D717093D9471D7BD40CE6D066D

Filesize
118KB

MD5
cf97cee14b9dacb05ebef10877fdbc63

SHA1
51b6eaea02e4d814ec7d8cde7229e2b32135da69

SHA256
2c087dab38039ffd9c15e6a23657fa34117309dbe9b0c5eb7f2cfa5a500e5ec2

SHA512
54b5287c69dea31a9e0c9c910c4c048a71fe23122c080eb68a0cb852a28c1955bce77c2451418593866d1f8f8829638c592f8987921cc9d42682bf056b91d7fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

Filesize
6KB

MD5
5fc2e6149f40a39d882ffddcef5fedb4

SHA1
d788ea29848e8c5bc65da71441824dad77f21715

SHA256
b7674bfb162e909be79391ba3129870bd763ee17fbf39cd206723d61da2b289d

SHA512
73273d81847f441c99296eb7e3a4475937b7a6aa5b90e899902fbc84890b05f32e9fe9bafe6ba3a2d974379875327aa4d000ffc126c40587b9fe4dd65e9e19ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

Filesize
7KB

MD5
226235dc0f44ea182509ddcf23ae4ae2

SHA1
ea6ebbd539cf4069b7e715a3bbe721cf8239bb3c

SHA256
8467bdbbcb0914bbcbab8d10451d1e72ad5a3edc6928bee6aa94c60da03e4953

SHA512
23bb88d7cfd4a066dab03ac28a96bb281c1a2df175262bb7f9f6855c1ffbb68bf0a0587909dac22c972a338a1bc919b1ba91933bf60a22c4ab2a76d85b0b4c85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

Filesize
11KB

MD5
cd4d88c67cf3818395fc9f4178be287d

SHA1
47517646b61abe90dc686c0daf680ff856328b17

SHA256
7f68f16e7e43c385b52286102b9339200c326f82280965881d384e7d7d84886d

SHA512
a7a889c677103cf9d8c28eaa2c02246390cf0d51a0ecfbe642238371782b6d26fd44f0d1db12de4b906d0a5be2e777c92a1a38a11952945622657b372048e0e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
5b0383d7bc629396892c08a23924cad5

SHA1
4bbc0e60ec7c07a096ac2655cfd74205bcaea90e

SHA256
a43b22f47276f5dd228421d37d3883ca8d32e71a8bc414822e5ae1dab5fe309d

SHA512
35ab02c3c98d8195a54a4fa0b7756d2e7d3246b52e21f89168652a82076638dea6a3c205d88366c39a09dc3df4e0198959e70312b76295da0275e8e8dbf1f7cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
16f3fa73660f9b9d71ecc78427fcd555

SHA1
c699d90d33845d324f3854a38e2d4dfc2ddf39fa

SHA256
88ce0469c745e2ceebc301ad55221d72de9910250cc61e5f577d20b16f207687

SHA512
d205dafd2adc6afc142d76f3f1344d47523000fe652034a29e811b9bcc4af5297fd70a26c4b80c20fa90777c43741d20522b403ba1aab4bfd3782762e33b4873

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
77fbddf947bce4a7fc5073d634a6ca1d

SHA1
2ce88c2a668ae7b6cd2b5734e4b89643f2767d07

SHA256
321e107dba1cafc34d1417b673e5e8af51e114e003ed8e72b95ce43deded865c

SHA512
5fc1c24c231eda27957e061242bf63f379312643c0ccccb4eedf4b73b1aab39b5049e6db8d51387986f1c8c4f8a67673286baebdc25d34a3fecdee63e97f5465

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
10292fa7adfc843eb02f5d518c60ce45

SHA1
540df2863e0ab73b0e3e030415f47be816b2f59c

SHA256
90ff78b5d381df35adcc3b63c73e5e0f3f9d33fe06662a9b8bf4989c0a813a53

SHA512
9dcc5bba11d6e9f768e8e8d2f255648fa0b844d864e6a001db4ee769a1e5c660a52ae302d43df464cc96e206de50010af5263e7c217f51cf6a6f4313410a5888

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\5bc25904-7962-4926-940a-a3881ebb630f

Filesize
7KB

MD5
3dd485f7a634eac4d4807d8022d3d7d7

SHA1
85fa9f8a39e9bc688ae032ccc56562ba2331e963

SHA256
7ae3a92f8050e3d297d22cd518c68016c2bafc1b11bb8452b77308542a3995c5

SHA512
80da34f7a76ebc248298b912a7bec23a7b42d103ff43fe21f3275b27151533fee53bd68b47f3d045470c9ee3ada00d6476f44ac46a957c5cdf7d75b2b095c1f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\79c4acaa-ba53-4e12-b0f3-885fb02f5b77

Filesize
982B

MD5
09f311423ee2cbf947e875e953acdfb4

SHA1
933ada88baf7dd0ee0f10f1b5323ea25c207bc22

SHA256
7bffc29b0c75e55fd131235b095d69fea98b451ac214c2fc5ae33ebbc884b3b6

SHA512
2ff7468a2daa94193155fc65d8926dd8d839e76165066e731f078fdfddc5abac7cdad686f68304e7b52701a706807d6ea41aa21f54acd1a438258fab53318cc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\c8c574c3-d1a1-433e-997e-4bc0bfb011ac

Filesize
671B

MD5
e29ff15c85ee1bc1dc43f6278eeedc90

SHA1
dd14cbd5ccae00335f65accf89476943ead2274a

SHA256
0e6c091c80a5be9125dfc4fd3aba6310abe34de428dead3b0bde13425c756d71

SHA512
a03ff61a8cf1585912bed18f062aca5ec647f00acdfe5e5d8bc23c36784dd228fc1c4b2263fdd8da8bc6db5731ed195020fc941d6129fe5bd36cdeb4f33956d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\f16c0e63-2afb-4a4f-adb5-c447c0c05cfc

Filesize
26KB

MD5
70a09836e7846e56e9fc6f135fc613f6

SHA1
1f41ab41fee0683172f030cdece8679af09b52be

SHA256
4813a7d7e67699adf75f73c9e48e2d7d6d4e2e5c2a273a352c7f7df23e8a894b

SHA512
057466d3e7993b0e5f647c3f939f83b7ce8619e777f897ee5e8a5c215f9431668c34995c6d86a7c413e3bf26d1723fd8f1a3fa18f244fc0e80835687539d3cb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
10KB

MD5
8f063bfcc48fb9bdc169a78e791ddba3

SHA1
57b8ce3c4a810e8a73aa2c14f6ec607c68751fa2

SHA256
9d9ba397be8c91365e90fc2a1e3178279cc5003580fdc44b025b2870d829d0bf

SHA512
c161c9b5ca900cd66f9b8b11c8f7de449fa8377dca17eadaa1e3c6441ed8f837dfc7e84b170a43739a5edd14d481e6934164fb4e50f5ccc5fcf3b1248c28fddc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

Filesize
10KB

MD5
5a3f033cf0d8d17781550bbd7bd42fdc

SHA1
2aaedded64992d317e48c9f5b220d4a41d58304f

SHA256
6c105543191bff728cbe3704c571528078b5d19376c8f5dd585871d4bade090c

SHA512
b20b947ac3d3aedd74a75bb57c33f990c022fa26f4a117e88095d31978b405fba9a3df62680625c4db556c4ab06eeec59fb96c010ad08ef0f17803c7de2670a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

Filesize
9KB

MD5
0319522c0153ed2ac15486001e9ee625

SHA1
f6428bad2a61909548fec3ea69df08376444f41b

SHA256
bd033c4781570c390a2d030f3b41c0a0dce871ad1d27d3c19f7c5d3f322a3c5c

SHA512
793ca30d6c7f52ec92715375bc4c158d61aa988ba6977b37691a9da00a437d9f55bb0e48f7c75043f2983affea155044454026545e55c5f0629a92c2cc1e92c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
cb57471d645d896ca35b6b0860af0611

SHA1
7c225f53cd68b82e272daa586e214d1e38938636

SHA256
52b8867102e1086d993b7e0145940c95bc2b4bef97c9cd6e8a525f1e44ca88b0

SHA512
ec5f88881e9726dd3e46366b2b0a5d1dae33519099f7d8703b6cbe3ea441e323f8e5e4ba59848928d311ff56c826bbe1a76420118f21d8ad3c4fda6e87f4d91e

Download Submit