hxxps://b9fee5ea[.]1321efb24214f25665cdb06f[.]workers[.]dev/?email=christian[.]schlosser@oup[.]com

Analysis

max time kernel
140s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28-01-2025 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://b9fee5ea.1321efb24214f25665cdb06f.workers.dev/[email protected]

Score

7^/10

phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4712	firefox.exe
Token: SeDebugPrivilege	4712	firefox.exe
Token: SeDebugPrivilege	4712	firefox.exe
Token: SeDebugPrivilege	4712	firefox.exe
Token: SeDebugPrivilege	4712	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4712	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 4712	2936	firefox.exe	77
PID 2936 wrote to memory of 4712	2936	firefox.exe	77
PID 2936 wrote to memory of 4712	2936	firefox.exe	77
PID 2936 wrote to memory of 4712	2936	firefox.exe	77
PID 2936 wrote to memory of 4712	2936	firefox.exe	77
PID 2936 wrote to memory of 4712	2936	firefox.exe	77
PID 2936 wrote to memory of 4712	2936	firefox.exe	77
PID 2936 wrote to memory of 4712	2936	firefox.exe	77
PID 2936 wrote to memory of 4712	2936	firefox.exe	77
PID 2936 wrote to memory of 4712	2936	firefox.exe	77
PID 2936 wrote to memory of 4712	2936	firefox.exe	77
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 4272	4712	firefox.exe	78
PID 4712 wrote to memory of 3780	4712	firefox.exe	79
PID 4712 wrote to memory of 3780	4712	firefox.exe	79
PID 4712 wrote to memory of 3780	4712	firefox.exe	79
PID 4712 wrote to memory of 3780	4712	firefox.exe	79
PID 4712 wrote to memory of 3780	4712	firefox.exe	79
PID 4712 wrote to memory of 3780	4712	firefox.exe	79
PID 4712 wrote to memory of 3780	4712	firefox.exe	79
PID 4712 wrote to memory of 3780	4712	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://b9fee5ea.1321efb24214f25665cdb06f.workers.dev/[email protected]"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://b9fee5ea.1321efb24214f25665cdb06f.workers.dev/[email protected]
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {584b89f5-108c-4f8a-b018-8ac693799be4} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" gpu
    3⤵
    PID:4272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21e410de-0b28-4df5-9e62-8414208ff11f} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" socket
    3⤵
    PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3276 -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65400ed7-1623-469f-9577-b533a774b90e} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" tab
    3⤵
    PID:3596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3016 -childID 2 -isForBrowser -prefsHandle 3224 -prefMapHandle 2708 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a78ce31e-4bad-4f04-a995-bf38804c5427} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" tab
    3⤵
    PID:2116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2796 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2828 -prefMapHandle 4416 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe554281-9d66-486f-8fe1-cee4622d745e} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" utility
    3⤵
    - Checks processor information in registry
    PID:5652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -childID 3 -isForBrowser -prefsHandle 5444 -prefMapHandle 5440 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15345721-c855-492f-823a-eabbc94bd0c9} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" tab
    3⤵
    PID:2572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5856 -childID 4 -isForBrowser -prefsHandle 5928 -prefMapHandle 5936 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44b7535f-6932-4f0d-8fc1-8aaf7d46ad07} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" tab
    3⤵
    PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6000 -childID 5 -isForBrowser -prefsHandle 6076 -prefMapHandle 6072 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecbd6e66-0182-4262-8002-a1ccd294802e} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" tab
    3⤵
    PID:2096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6172 -childID 6 -isForBrowser -prefsHandle 6180 -prefMapHandle 6184 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b730a6b5-529c-493f-abf8-e0f40022078e} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" tab
    3⤵
    PID:1952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 7 -isForBrowser -prefsHandle 5532 -prefMapHandle 5520 -prefsLen 30948 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87626e96-0cdb-43f1-a807-4b45251eee2d} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" tab
    3⤵
    PID:480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
349055466d177683f3d56e70fb14ab4d

SHA1
24a3461da86d261980f49400625d40435b3d6a94

SHA256
8c0dcf210c86f2c7509925d4ca127071041cf241b0f70ca4f4089702a5ed8337

SHA512
b2901a5f2aa2ce59ce777817a0acad220b5aaf78dbba23d04ac4e322c91ded7b7c11e3b121fa976d1e420e2ae0fad5ecb5b9cf2e7254b241cdd5fe0530f559ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\D18FB7DA89F8DD4E7A2C97703A1647E8C981D05A

Filesize
13KB

MD5
ac79dc3ceb28c357cc0238263609d459

SHA1
1fa67c26f1b78de4f39a4484c92c91f240eb974a

SHA256
c60d3da139b9f5008207b2074e8f8e5ab76c67125fa6c9b04825622151d6cce5

SHA512
742496fe0cab6c0749b781e8aa4cc7b3378cd772642a1867936ee2e741fa5e86701bb2af69c1ee8774311f040270eec6c24bf5abf975c22253dcb393acce39f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
da8dedfc4a61e7ccc954c49dc1e6362b

SHA1
ad87d4f9a5c5cdbc34325aaea35eaebea734eaa1

SHA256
3ec14b2d3725a47492c87909903c16e8961ab3625163f88f6209260dfb0eba37

SHA512
15fec5e973667b210f8d87f946e75c2bb0d64414d609584bf033f0a272483c3fc5095a42ca7a6eb4dcd8b21c6e0aa036eae4c77544a6945a3b6ca7a9606a73b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
6KB

MD5
622e15851fb891163314fe4e15d75a73

SHA1
7fdd0770f59ca82a316f22a3237e1043991fd504

SHA256
6a86c35a147ee1d82e66877a0f24d649466457edd9cb065202368ac1419f3347

SHA512
b6617caf931d1ee1d9ffedf4c0a6f788f76fa98c55b6db34d623838edf9a0cad37ffdc2924ee2764dabc3bef75309203853ae7ea7d98f53f659398f3e0a2821e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
8KB

MD5
d03b35d51baf1960f84600d4603a668e

SHA1
c52d489e1a33c77b233b57e26bb4f3644045b222

SHA256
5beca02b0425d064abc23226416f97fe147036cf61e41bfef664a77fe507d521

SHA512
fa8998db1aee9af95aa2c000791db8e2bc710da0ef2eaa699ae2211f07238d135063cf74b75edc849b4ada08ac343ed4b6b01fe300e56e4f62d206a52718537c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
966d648dc1eee1397eeba5805f05a34e

SHA1
68e414a47d438d9bc5814561b976bb92663b3be1

SHA256
f48f0faae22258dcc5c2745237dbc6d3a9646ac85bfd8fb3ddbe0d960400313e

SHA512
ee6e48fa8d4452be2eb562d21a791f1eece39f4f9abdd4d9638d32ed1940db17b8788bf4cc959261b9bf5791c38f28afdf19966d3cd7d79f743ac3e367e459b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
4b7fd65bc787aba78d2b327428f75933

SHA1
83c9b6a4ca979f90e500cbf84cb42da9bada38bc

SHA256
eecb49da4b1fde6e9e03febb00c2d06b6a3916270e1a5d13742db49cf917661a

SHA512
e4c5524d916d86574e2ca965d75cfc503f7a5ff2732cb07fd334a746f6424a629bcb3974f3ac7a57d3468b5da77fc10d7c788657ea9895a07e49c553af9536df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
04c3a3639c35e4bafdc703aa211c126c

SHA1
38644d240a1f7e75ad092eaf0c49ac5590627711

SHA256
f8c889db19139073961f029e7626dbd1fd60a112793e5ac3db1bfa04ffaeb0c3

SHA512
2d382401db153ccfd667b892027e190ff832e7e73ef2c9d0036343ad52acb07f79e2f27a41a44486f78374e49a347ac2298d8dcad6d5c160bb816a634126914c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f453201e9224f501b97281ae208b02db

SHA1
7d1c6b162c431e1a3a6087d5368b236ba4f0622f

SHA256
e4152c141c4478acc677f72a22463f626549461f206348e778ab7f3d9db470c4

SHA512
6d0049c61d4391a4373e49ec97aaa67e1a0e0f105a7acc871c891c39787678b41a50fdac85eaf54db2e319bfbe4d4d85ffbed90550e9e0cf84b4c940ec154480

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
db414395aa4743e4ee2b1d299c58544e

SHA1
17af62a2d900a9e1dbf6bc0b84c1e6834e99107d

SHA256
ff63c504d992748c74d8018f7043901c7114b8f9f2ff73f4313cb5c0096c1a62

SHA512
efb8e52f494bea4e3810835461580b41154582897ae8ac65810c556ffa4c19ece6b71e34df1a0fbb0e98e7b5e258c951efd94be85452851471714cb54798b601

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\2a8855b4-e16f-46d6-92cd-5c6c0fffad47

Filesize
24KB

MD5
409078fc696cf9dcd72f17739b31e3ae

SHA1
cfe4e8db7edc9c9e446ef8486a55e9cd09424b14

SHA256
6dd15626146f5c8d3078be1cd8eec34f77a11627bc3763b509dbfb14780a2f5a

SHA512
faad85920c53ae91e08f2cb74c87297aec6a5d037eaae4e7b95c0450648f77ac5a6df6e924905bd54f27d06dfd7594b18bb59a711e45df1151cff2007575b2fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\4a644cbe-f50a-4a31-a0a7-b64b2ccba187

Filesize
982B

MD5
e77f739af48a182b6a32a8f52de08883

SHA1
3bbb5c776d348a7c156ecbd505f444e20f9c729c

SHA256
bffd5c4e925ea144559b5eaeb085339e5b10fb5925dbc989fd4b8232c4a76ec2

SHA512
8763ee0615dc62d98e832e45197926932e2c4fb819854d0056c241d41901e6a58f51efa9addd9e3524cbc70b5aee424fb8cd975c06d899f1a6665205de33a073

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\cf67e989-05e3-413c-859d-84ef4e573920

Filesize
671B

MD5
41e662bbd26ffb8d9ce56543d77b7779

SHA1
68632145d6ffae496c320aa546b61d8cb57d189b

SHA256
7c5afd941960fba31df90f7d605ccf31c9c21773450aef82273378472bdea8ca

SHA512
2b11bc6ca0fff485da4cdb0bbd51bcc795d682f02881929c4175e75cc1479d0ef2f0d0555e276793d7b3b877e977c2a2b280526dae6302d4bc8d3690371d5fff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs-1.js

Filesize
14KB

MD5
e973c3a042df18543053b8276694aee1

SHA1
5f0e4ac31a9f31484a05dd7fc212cd714db501f5

SHA256
1ceb76b7d45d0e364e5869561020d3d6a148f067828ff9876771f5874a57f86d

SHA512
b7df73f42ab55365440c727f541b2d4d4af4307cba20a2fd590007b23a22a1296620c0969420589e1c4ece4427dbf16fb645fcd410c514f71c9a46e0cf179c78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs-1.js

Filesize
10KB

MD5
1fe9ad4b9d1a6ed8deba2493339ba493

SHA1
a5322dda1bad26dc75d0106f38d755a8e61a58db

SHA256
7ba1422294f20cdcb8b455a93f87bd21f46155e57840d7fad6c06185580a8fe4

SHA512
deb2d179d29150d4d4a6b24fe7c8fe66a0e435207239f6dff92f51b647bf37062311774100164a131c9448f9d9c2650d803a31227f52aed1d07cd7d3896c3354

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js

Filesize
10KB

MD5
b7e2e78cd2a6c53398aee7dfc35038a8

SHA1
8d12f5df4a93e76a32d173d3ca9ac01f477506fe

SHA256
6e0620ad10c4ab2dc655c087fa7ea14ab55fbede920a2053946119f5c3919ab5

SHA512
3bff44c3983e5f47e2e85b692419a96c8a5d4f55178df9bdb51ab21eed07d087be5d5f83dcf92ccb1e50f88b0a2bb096d5b35017176d27f2a3164fab15df5a24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
55adaee756bc54db8c4ca2f3b1aa552e

SHA1
ef052999d2626d489c6dc9a6cb6cce7cd2b18f55

SHA256
c2b28fa116a87a2ef80d789add93f0f2bd4007189c25f26bb7afde1d36643b7d

SHA512
0b4109bd0944c4262e242f58a7470da3dedb15bee2918ebd0b826042c06567ef1a30445ea910acc85c81212ac5258e8f4b14e5381008b74ac9f6c817fc11bc10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
880KB

MD5
ca829a5db2f0c4c3e79dc80fb713e95d

SHA1
58329e443fd48285d4251c36e34934f9cdb25a68

SHA256
78d128cfb82aa79d3ea25fc0538be4791f08a38578778ecae45bfa3c9f03a67b

SHA512
c400db37ccfc7f2a096b615f64b94d22c37ae2fd5f96e885e15efb832cbf55cadcaf5ac6c8eb24dd43ee8660f84b0f10f4fb9431965e2b59c77847eae07c1f3b

Download Submit