hxxps://checking-ippro[.]vercel[.]app/alessandra[.]castelli/YWxlc3NhbmRyYS5jYXN0ZWxsaUBkZWFscmVwb3J0ZXIuY29t

Analysis

max time kernel
148s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13-01-2025 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://checking-ippro.vercel.app/alessandra.castelli/YWxlc3NhbmRyYS5jYXN0ZWxsaUBkZWFscmVwb3J0ZXIuY29t

Score

7^/10

phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2356	firefox.exe
Token: SeDebugPrivilege	2356	firefox.exe
Token: SeDebugPrivilege	2356	firefox.exe
Token: SeDebugPrivilege	2356	firefox.exe
Token: SeDebugPrivilege	2356	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2356	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 2356	1576	firefox.exe	77
PID 1576 wrote to memory of 2356	1576	firefox.exe	77
PID 1576 wrote to memory of 2356	1576	firefox.exe	77
PID 1576 wrote to memory of 2356	1576	firefox.exe	77
PID 1576 wrote to memory of 2356	1576	firefox.exe	77
PID 1576 wrote to memory of 2356	1576	firefox.exe	77
PID 1576 wrote to memory of 2356	1576	firefox.exe	77
PID 1576 wrote to memory of 2356	1576	firefox.exe	77
PID 1576 wrote to memory of 2356	1576	firefox.exe	77
PID 1576 wrote to memory of 2356	1576	firefox.exe	77
PID 1576 wrote to memory of 2356	1576	firefox.exe	77
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 4584	2356	firefox.exe	78
PID 2356 wrote to memory of 1440	2356	firefox.exe	79
PID 2356 wrote to memory of 1440	2356	firefox.exe	79
PID 2356 wrote to memory of 1440	2356	firefox.exe	79
PID 2356 wrote to memory of 1440	2356	firefox.exe	79
PID 2356 wrote to memory of 1440	2356	firefox.exe	79
PID 2356 wrote to memory of 1440	2356	firefox.exe	79
PID 2356 wrote to memory of 1440	2356	firefox.exe	79
PID 2356 wrote to memory of 1440	2356	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://checking-ippro.vercel.app/alessandra.castelli/YWxlc3NhbmRyYS5jYXN0ZWxsaUBkZWFscmVwb3J0ZXIuY29t"
1⤵
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://checking-ippro.vercel.app/alessandra.castelli/YWxlc3NhbmRyYS5jYXN0ZWxsaUBkZWFscmVwb3J0ZXIuY29t
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1900 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c23c889-68aa-42a9-a836-db2d639a4d25} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" gpu
    3⤵
    PID:4584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ec5e7ec-3254-40ad-b985-2accec233667} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" socket
    3⤵
    PID:1440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2976 -childID 1 -isForBrowser -prefsHandle 3192 -prefMapHandle 3224 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a793100-58e2-4b95-8908-b586aeb0f2ee} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3584 -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30dd931a-ccbf-4a99-aa1a-6dc79833ba43} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:1720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4712 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4740 -prefMapHandle 4736 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3286536-ca61-4c8b-bc73-0d98cf84a6f0} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" utility
    3⤵
    - Checks processor information in registry
    PID:5072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 3 -isForBrowser -prefsHandle 5684 -prefMapHandle 5676 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18127239-acb0-4701-8b81-cecc69f99a91} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:3896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 4 -isForBrowser -prefsHandle 5704 -prefMapHandle 5680 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0194be11-202b-45b0-afb2-1e125648ffbb} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:1548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5936 -childID 5 -isForBrowser -prefsHandle 5832 -prefMapHandle 5588 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c770181-9d9e-44f8-b1ac-b9a77c9a213b} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:3100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6044 -childID 6 -isForBrowser -prefsHandle 6052 -prefMapHandle 6048 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {351d561e-5fab-4501-bebc-40da1da0d434} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:2164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1648 -childID 7 -isForBrowser -prefsHandle 6508 -prefMapHandle 5972 -prefsLen 30948 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51f59a14-6444-4e51-96d8-1b102697b4ef} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\activity-stream.discovery_stream.json

Filesize
25KB

MD5
2639bc1a0cbc2a9dc3eddbf75fb73ba7

SHA1
e5d5b5c9355741ccda190ca2156f731f5bf7f141

SHA256
af0d93f3751f1aac02ddcca24cbf02484f3bff1a432719a0c5317d5d0ebf6fe0

SHA512
1e3f1afbd2bb63dc5ab943e40747374e525178a8cfb11ceea83ddac498a148b1028a34a9a36d5e87837d3aa10545c4d1df3ffdd80f571538c1f7847641791ee5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\6653BC7BE242C21AA1988A4A42D1DEDA18231C31

Filesize
13KB

MD5
d39062ff2cce46c0e3290b72afa17327

SHA1
51820532dcad3956f1f2406b5c35cea0c0b96ac7

SHA256
a4e9bf1e07828e8ad00ad5af4a1a67d588b06a35696f265c178997e4c5cfa56e

SHA512
4fc66506d2aa5ca747e6b4ed50e0d264359aebf69c5d2a92a0f296e6ad59ff4d11b532ef4f2bef67b88ffd11048fa90d131c952d35a622f2c9a4834795f711b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
4f37968504fbc3ab133e79bcab7ac9ee

SHA1
8e44c9588a65f8666fac4d0812036646cb8646ca

SHA256
47ca5b6738e8e93b0f73d5081743f1a979164b259c0328406acf55a609ac11ff

SHA512
ef50992818d5d66523a1e552bb7f4bf2c41b2670e52ff8913f6dee0a720a3a0b6d3df0f4f7cd2f236f0a109f30d42f570810f718dd9bfaebb676ce032f2a2ff5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\FBF093D342F7996FCEDB2B9CFB01A3ECAB8D99F9

Filesize
13KB

MD5
6a73bf516c23152decb00d8b810fa857

SHA1
6ca1941e3a46630ce4d4d2cc4cdd584953e141f5

SHA256
af06da55c4a9ca6414174e54fbbcac9ea842a3f5bea4694355f95b18e037e127

SHA512
e22951a5b674078c7637ba963afc3d4e7eba19604230c2e1f8444660f2b76bedee8b091bb732294244e1d219678f84dcbd39ae2b2a9744c7c61afb88f79c4525

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

Filesize
6KB

MD5
54da4700454f8ce71a10621d086c116b

SHA1
477a8578e59e938fb6365ca6a8c42b552b8b5ff8

SHA256
e0066c9c0551b8b93f84b78199bccbe169d8ae1af71b483f44e83a97420bf7bf

SHA512
c23b2f79d684ed219b8773b06079d75a955dd7739d1faa6f207120843233f3e17d09143112577e37352fd86fda87c1e1d54770ba76123542b54ec73d58396e81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

Filesize
8KB

MD5
c6c343cc05c2a6e7b4264a8729a8fdd9

SHA1
5c651998861e945468191d292f52d1279a4b69b8

SHA256
a5e31b4b826a78d50f279f9305c83163be8af595de851823e28a27a343247782

SHA512
fc3f35d11fd48fe78fb1126fbd040f35a26081c711be58be720e9bc329154ae35158aab636daeec316ba0b619d818c94a26316318779f9ac0a571f39b3889534

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
dbd79c5f4c1f4030ffdfb9f35d55871f

SHA1
b5c53fb19a7f924d53c3975b8ff51997283b47cd

SHA256
20967a4174f665ba0fc3778bec9bff9afd197be6438c07e705b553c447709048

SHA512
fa75ce81aef5287eb8b0bf61799aadfaaeed5991e8e242f1fbcb00367761f05745fe3be57a202ace6171e1b9d43a28189cbb94c0df6365d83d1bc7cbf1ae3dfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ca8370ebb785e6e843e28a1dab348a6a

SHA1
558694528b5a18c5e9ae5099c75750f3e4f02eee

SHA256
531ef179c322470037857aa27e56fb157b6228621abe555a3c698f368ba5d68c

SHA512
67424d436772a470c99c0366b8bb43e7385afa3e28bab74ac301db1d585579244fcf7c9e420a4bde7523e049d8633efb3c75a7aff18e7b31bb6929ece311d7a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
fe9e19dca5a614b600e5b9d9f630f7e6

SHA1
cf8d9eb6d4a83159f93072da32c9937ce53419ee

SHA256
27e6dddf64f2ecc209d76f6bca89c28fd53d68044541d311e267e1101a97fffb

SHA512
d2bd58b5e102d021993b1388e29e9bd17b069aa6d37d6562cdf4cdbaf03e7953d6c79ad4d6c866016de4d66e0747816d525c9af2e3fe3f5c77cbf1b8bf57f892

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
a8f7e3c2b308d88ca04051985d585131

SHA1
3d2343760a9ef489f215043edebcc7950eb5629f

SHA256
fb2b7a2f7c29c89bf1dfd708f9205fd6dd28d3a0420e35ce21f98819a46b49cc

SHA512
eeea12184ddb8dac809ac0858263925122b05462229cce77b3a87fa2ff41c1ffa861e105fb3c6207ce2f42e2db8f3ea1f9aea9aeb5ac46fd394cdcbd7b578431

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\7b77d4f7-e388-41ea-ae86-7ba72104aaf8

Filesize
671B

MD5
e73b6bab763d38a5c65c89006d9b114e

SHA1
fa422c923b48a37dcdd15912f0407e3e2265e8e8

SHA256
e4707d700448e41d684d7bc716f9e54abbe1b4a9cd02d481009737a1ba9abd9b

SHA512
bdb5656756c35052062cedf5934b20297584491bdfc61c8cbd050ac94342d9e73b4eef02dda63d970814d579525a176c020b92f111715410ddfccb84408ff540

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\be849cf2-a266-4f92-9c42-13d455307c8a

Filesize
982B

MD5
d9fb0ae9f4cc705cf68e554c914d066a

SHA1
91eec7ce9a8f7bdb021b9e89454c15a664e181dd

SHA256
3850d1ab8b47c3fdfadaa2daa2296a290ddd662f77b26f1473c60d34b33162e2

SHA512
5a8658d856156591bac220edc7c11ca93e4051b691395d7ee2013dadc36204f5bdebab755c338760affb207194044684c01673431e5d05e45309043a82731d16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\ec0252a0-9aa6-48ad-9543-3bf251d89520

Filesize
26KB

MD5
036e74b2a1a00b170efabaabfca795c9

SHA1
1f79d3e41422909ea2278d4dcdddd8eba5e179fd

SHA256
a7a48dbe02bcb7f94a5ed607ebe102d00face3233456164eea9563187d530995

SHA512
4c9c5f598e33946a85b3cce9f7f878c7b6329e2f5ca1731b521821142610f10794ff3dc4506f676d2b60364bf32da23889696f016801089dc046348fc07fc3a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

Filesize
10KB

MD5
c94cc517947673f9ea0f6e36a2cfd608

SHA1
02881c2585083b618d5b19a22a765fd4bdc3c2ac

SHA256
054924a78a9a2e5b7481fb0945c7eca53987caf9e8b4777b54e23c92e22564d7

SHA512
34a11f6e63f9f606b2d5b8f734edf610bbe3ffbee1dfffd0de2d74ef936f1ecaf94bf2d3be8d08e14fc42b4c9c1c29b4a9691f9da3713c1712859b11c4f49817

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

Filesize
14KB

MD5
b22e1344bbb07db01bc7a4f9fa7d59fa

SHA1
54cfe36536610d0304d8a13b7277105c7e1d7ece

SHA256
6a3325c5858329932406641d360ede828f7011c33ef60acd1e49bc5ecc2a7971

SHA512
6f383fe540159f0256aac153768b93d0979c1467c874a89d8b9c4f6755f40904ae74a1d2b8d1bdec917c990fd407cbdb9b517a6ecf8867cb84f69393b6d550e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

Filesize
9KB

MD5
a4bcfa11240a6d4e192d286cd44bcec0

SHA1
aa24d4fc700cd3a6e65ba101b2e69365563cfb32

SHA256
f1670f1fbf07321d806262ce81c5a12c830d33fe4155e94f619e09c84a01f779

SHA512
564def4a2082229424986ce31c93d8d7a3a77b26090f0ac9bd0605795e863107980bf789c6aafa660b0d6972d2502b9095207d1bb3321dad15b61cfa4eba087e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
a9cc70ef91af5a3416372222d952164e

SHA1
5445aa85e924a725b62e455fab5f2842450e87d4

SHA256
f98a60f16b103d3c0979ce2d6e88e0ec4aedaf241d38895c7067eb8ae6810fc6

SHA512
8969d957b167a7ecd82301e5607e6ef4a84b2b76340d6893395378e54ab26fc4fd0f5829c5850879425782cf7b84b22b1f77f7d8db7e0addefa5230e05ab124f

Download Submit