hxxps://checking-ippro[.]vercel[.]app/alessandra[.]castelli/YWxlc3NhbmRyYS5jYXN0ZWxsaUBkZWFscmVwb3J0ZXIuY29t

Analysis

max time kernel
35s
max time network
38s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
13/01/2025, 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://checking-ippro.vercel.app/alessandra.castelli/YWxlc3NhbmRyYS5jYXN0ZWxsaUBkZWFscmVwb3J0ZXIuY29t

Score

7^/10

microsoft phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2826969134-2088669430-2680400721-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3836	firefox.exe
Token: SeDebugPrivilege	3836	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe
3836	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3836	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 3836	4516	firefox.exe	79
PID 4516 wrote to memory of 3836	4516	firefox.exe	79
PID 4516 wrote to memory of 3836	4516	firefox.exe	79
PID 4516 wrote to memory of 3836	4516	firefox.exe	79
PID 4516 wrote to memory of 3836	4516	firefox.exe	79
PID 4516 wrote to memory of 3836	4516	firefox.exe	79
PID 4516 wrote to memory of 3836	4516	firefox.exe	79
PID 4516 wrote to memory of 3836	4516	firefox.exe	79
PID 4516 wrote to memory of 3836	4516	firefox.exe	79
PID 4516 wrote to memory of 3836	4516	firefox.exe	79
PID 4516 wrote to memory of 3836	4516	firefox.exe	79
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3392	3836	firefox.exe	80
PID 3836 wrote to memory of 3624	3836	firefox.exe	81
PID 3836 wrote to memory of 3624	3836	firefox.exe	81
PID 3836 wrote to memory of 3624	3836	firefox.exe	81
PID 3836 wrote to memory of 3624	3836	firefox.exe	81
PID 3836 wrote to memory of 3624	3836	firefox.exe	81
PID 3836 wrote to memory of 3624	3836	firefox.exe	81
PID 3836 wrote to memory of 3624	3836	firefox.exe	81
PID 3836 wrote to memory of 3624	3836	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://checking-ippro.vercel.app/alessandra.castelli/YWxlc3NhbmRyYS5jYXN0ZWxsaUBkZWFscmVwb3J0ZXIuY29t"
1⤵
- Suspicious use of WriteProcessMemory
PID:4516
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://checking-ippro.vercel.app/alessandra.castelli/YWxlc3NhbmRyYS5jYXN0ZWxsaUBkZWFscmVwb3J0ZXIuY29t
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1892 -prefsLen 26919 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85d5a6b5-3ea0-4acd-a46d-40652fe08564} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" gpu
    3⤵
    PID:3392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2456 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 27839 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab7733a4-8568-4860-8029-6e7b0e7e3e4d} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" socket
    3⤵
    PID:3624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3188 -childID 1 -isForBrowser -prefsHandle 3192 -prefMapHandle 3216 -prefsLen 22746 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5d732d0-ee21-4cb1-8b89-b94cc89fb5b5} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" tab
    3⤵
    PID:564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3556 -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 2980 -prefsLen 32329 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd38cc6a-4690-413e-a5fe-e38ae4c57eb8} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" tab
    3⤵
    PID:1660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1648 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4624 -prefMapHandle 4552 -prefsLen 32329 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce462274-7dad-4de9-95ea-80be5c66ca05} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" utility
    3⤵
    - Checks processor information in registry
    PID:3648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 3 -isForBrowser -prefsHandle 5424 -prefMapHandle 5420 -prefsLen 27038 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5add5fab-a39d-4e39-93d8-aadc8b459e79} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" tab
    3⤵
    PID:1400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 4 -isForBrowser -prefsHandle 5528 -prefMapHandle 5532 -prefsLen 27038 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {145ddc19-1ecb-44e1-a2d0-f5376e2e3c8c} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" tab
    3⤵
    PID:64
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5732 -prefsLen 27038 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f673de0-5876-4a7e-ae98-9ca5c43f1d47} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" tab
    3⤵
    PID:456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6104 -childID 6 -isForBrowser -prefsHandle 6112 -prefMapHandle 6100 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c86eef70-e9e9-4812-84fb-0dab391f9b84} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" tab
    3⤵
    PID:2976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3936 -childID 7 -isForBrowser -prefsHandle 3940 -prefMapHandle 3788 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e596725d-fff7-4064-b161-a517c328466e} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" tab
    3⤵
    PID:2160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3600 -childID 8 -isForBrowser -prefsHandle 6264 -prefMapHandle 6268 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc5a9f4c-bbcb-4f3d-9ecd-57f186c86f8f} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" tab
    3⤵
    PID:3184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5976 -childID 9 -isForBrowser -prefsHandle 2872 -prefMapHandle 3224 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40facbe6-0d7b-4dcc-904b-dbce127289b2} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" tab
    3⤵
    PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2624 -childID 10 -isForBrowser -prefsHandle 3264 -prefMapHandle 4504 -prefsLen 27416 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f478d3e-cda4-4e34-88b7-46a21efc4f0d} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" tab
    3⤵
    PID:3140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6136 -childID 11 -isForBrowser -prefsHandle 3944 -prefMapHandle 6244 -prefsLen 27743 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4877977e-c4b1-45cc-b845-5e5603e012a3} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" tab
    3⤵
    PID:2748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6540 -childID 12 -isForBrowser -prefsHandle 5916 -prefMapHandle 5528 -prefsLen 28014 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5aa421e5-80b3-42fd-b453-43e676474dea} 3836 "\\.\pipe\gecko-crash-server-pipe.3836" tab
    3⤵
    PID:1612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
27fafee53dbfb0195e98beb05f4ec2c0

SHA1
827187bea6ff50dc90eb445a9acefed4ced436a8

SHA256
a0bd92de48bb7879beaa8eaaa6a8c718a90437fca1487076b831978c86b09699

SHA512
8cd9310c871d455703e1a00ec21400ec23e611ce9567d790756183c11a4521664c872db41ad44cf1c52b6009f3f596dc349ac2a44ea24c9d4060518b94d0cc38

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\AlternateServices.bin

Filesize
8KB

MD5
dc6effb527d62ec7f75012a565815d02

SHA1
62a66c7a3196e6db84e1950feff1164d9e3df71a

SHA256
f16ece64da141c3a5f60e160246b37826664f54ecf2aaf94a5c137fb3d08cd41

SHA512
1a198c65b563f096a3533d1a21ead9d8dbfb2884e143d86031da42fa428f966f0ac84c73021346da17bd61d736c513bd6385c2e3ca4ab2eb8b551754b103a4c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
2b4e4d4e72e0e9d01ff8c1f56d462b9f

SHA1
38e061c18632f4213c7c2843ab45d623d4657006

SHA256
6f15bb9bcb4a1ec2780ed10a7415c41f8e2c1d0700522483c75a4121e1dae39c

SHA512
291b184a4bf0ff8f8c6fc55842e7cf774991261f79d0a6ae76e0e5989937933bb2f244032c1f6cedec340e80f3cfb824a5cb16c096680b80eefd98f408b1d83d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
ca8f0a362a52ad0a4ff59ebc98cbe4fd

SHA1
30f4e6bdedb0f85c273d4d5cfcd3da2ffed0d050

SHA256
9533a0f071f51900990fdcdfe95ad7fb862e4f5a06cb700dba8c49c849f54949

SHA512
3dea97b916daaf64fd8a1d26b798eab42f3653afaa3de03492e4b2acfb36510c35af741e862c7ae6e9b3ac7026ceb51eac99771c7708ef0a359743993b0dd033

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
3fad5139450875236b7e85abb316731a

SHA1
303b0f74f632ff7a254e7f2895151bccd42b03e9

SHA256
396b10af4db0790c97ff5e977220af78ba5c8d4df4e0bbae7f6cf262928b6f8b

SHA512
14b0a6d5211d2deea40cea0b6d2a36d92136136f753b6c0fe8f3850699db1f4b2a8d66f5746ef1cd8ecfd766993edc390254ea8fa5c1c00d5b29b150c7ce33d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
a38043187fba93790a25f6485b75c656

SHA1
d6fb7f1100abaac1d774a6ad67832c23bd2ae127

SHA256
2d4eec7339a47111942bfccc1d1e4e3299498dbb2284de49b532374a943a1890

SHA512
e8c67a8fbe94b6edec82ebb7338dd39381bd339ff9f54a877ad2f1fd3aa3e40cd888163a140399ee9cbadb110420e89af120181ea7d3b621da529596c9d02048

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
ddff084fb33f1b1e5b016c6a1f1e6eb2

SHA1
7b1e94ee671835e2425c12ade47af392b875dff3

SHA256
dd6384d9f3ed63fc5966775831a2ca8c30175616ce5d51718f46cc5f1d9daf72

SHA512
2299b96cd0249812a1ff494713346e6c4c8b79f0aaba87ff65b28cab0b310e261e633418ab104525e0d27d2ba3a06e9a2c60a38247eacaceb357757efb8c1e41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\datareporting\glean\pending_pings\7ca502fd-4372-4238-b4e2-3cc022843efc

Filesize
982B

MD5
eb68c68889134f76f068962dcfbc1342

SHA1
2e1c8a7dab5a260ded879b202e1133294fec2ad9

SHA256
a50e0826abd968df52ff8f9164db1f42cbe6d54c095de358d3df92109469674e

SHA512
7f4b7da686fb4a3bbc3677ba6554edd47e4337f0ebbac1d5a81a4d7eee2fbf70f3dad5d827a653b1cd06c7a8c06f7d848d8b1d42b06dc9a388f17f0834c26588

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\datareporting\glean\pending_pings\b986adb1-d56b-4028-bd92-deec7d9c0fc9

Filesize
659B

MD5
4287cc85d63d35e0b0f92427bbc9ddf9

SHA1
3d5e3873da34840a47bcd6c45c03f0bad68a347d

SHA256
3452ff1481f9b7063c9dde118912105c13fbb0346974b8287ff501151f953d1e

SHA512
62d09b324301e17e681d3ac5e3121cbfcaee037ab1ba1f5ae4c2c1279bfc8a14fe5092916093a56f1cbc7ae796cffb2731d5e6e9b9cf8fa5c74a539ddc134d82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\prefs-1.js

Filesize
9KB

MD5
88b2ee62c3e407d7102110c94478eb1f

SHA1
b5ed6e296d2734058ea202a657ac4276eb6b9459

SHA256
441bae3fcae7a7f0c2bdde1ba705f3558be86d58177f07d42b4d4cafdfeb7d5a

SHA512
a3516a3eacb6cede615397b571ff67a2d60761b34cfb21db1cda23c35e6215f7168996140d5104e4e3b515c680ce88e33319177d038c632c915f1a7eed61062b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\prefs.js

Filesize
9KB

MD5
891cf1cc6452ef2c50aaa81c68ce8bfb

SHA1
7a51358aa0faf8c9010221dfaace03d03e0d90f3

SHA256
4d0130b63c0dca7b996950c283d17eb6dc11c8b54190fdcb853ac9680244f809

SHA512
efc0b41ea1e944f10e5452da92cc3805911f3f871c2207c0a61419ed89aed9ee4418935fac6d7ced3b3600db51175290efb2249e36474cf460573c4565d8d898

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\prefs.js

Filesize
9KB

MD5
63200604df69ba4c0254abc2f833d74f

SHA1
09bb5e6cf203b625eb2aed43625c4a223c875ef5

SHA256
f5371984491c92b61d129dab25964aed750557b84ca1613476f9791d33f4d6d3

SHA512
d687dce7ad840567e273ce0398033d98ca28e439599149c19515bbd627b5f002e4b90a36cba6f1ed0fbe691b095e93e93a77b7e6483a095c0bc7a9eeb8dc613e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vwhe4aqp.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
1d291b685016cbba23fddd2f32a16867

SHA1
bd17e4bd7d22c9723f4ae0927a73a269bc7b05f2

SHA256
0aa0177b1b75b53e26f5f0ac7044cc300bdc540944c23df2abfc19f931d095c0

SHA512
2f5a1c0d116cc51091929b43f8f114e953518811bfd6d3da0ccb59342822ea35ddef9eb2d4741bc7f263715d01fdad426b8c7247e1f9b5b040cc3eb2d7bbd4d8

Download Submit