hxxps://tinyurl[.]com/39x9ewy8

Analysis

max time kernel
1561s
max time network
1565s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/39x9ewy8

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1740	firefox.exe
Token: SeDebugPrivilege	1740	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 1740	2516	firefox.exe	15
PID 2516 wrote to memory of 1740	2516	firefox.exe	15
PID 2516 wrote to memory of 1740	2516	firefox.exe	15
PID 2516 wrote to memory of 1740	2516	firefox.exe	15
PID 2516 wrote to memory of 1740	2516	firefox.exe	15
PID 2516 wrote to memory of 1740	2516	firefox.exe	15
PID 2516 wrote to memory of 1740	2516	firefox.exe	15
PID 2516 wrote to memory of 1740	2516	firefox.exe	15
PID 2516 wrote to memory of 1740	2516	firefox.exe	15
PID 2516 wrote to memory of 1740	2516	firefox.exe	15
PID 2516 wrote to memory of 1740	2516	firefox.exe	15
PID 2516 wrote to memory of 1740	2516	firefox.exe	15
PID 1740 wrote to memory of 2700	1740	firefox.exe	23
PID 1740 wrote to memory of 2700	1740	firefox.exe	23
PID 1740 wrote to memory of 2700	1740	firefox.exe	23
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 2596	1740	firefox.exe	30
PID 1740 wrote to memory of 1052	1740	firefox.exe	31
PID 1740 wrote to memory of 1052	1740	firefox.exe	31
PID 1740 wrote to memory of 1052	1740	firefox.exe	31
PID 1740 wrote to memory of 1052	1740	firefox.exe	31
PID 1740 wrote to memory of 1052	1740	firefox.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://tinyurl.com/39x9ewy8"
1⤵
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://tinyurl.com/39x9ewy8
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.0.1711378285\1749524020" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ace1958-3f1f-41f8-bd29-005e8ccbe6bd} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 1296 fedad58 gpu
    3⤵
    PID:2700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.1.1659481932\114172490" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6c3ecce-6e8c-474d-9140-7f65f716fab6} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 1500 e71658 socket
    3⤵
    PID:2596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.2.157558476\1513697701" -childID 1 -isForBrowser -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b5d84fd-a381-428e-933e-b6cc18fc1fe7} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 2120 1a2b3658 tab
    3⤵
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.3.1089342049\451839534" -childID 2 -isForBrowser -prefsHandle 2884 -prefMapHandle 2880 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62485aec-323a-4aa6-8164-2509a1ce9f37} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 2896 e62858 tab
    3⤵
    PID:340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.4.42722556\1975288947" -childID 3 -isForBrowser -prefsHandle 3548 -prefMapHandle 3508 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c4fb6cb-4e0c-481a-b6f5-68e86bb902f9} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 3588 e69c58 tab
    3⤵
    PID:1528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.5.945298626\36620130" -childID 4 -isForBrowser -prefsHandle 3572 -prefMapHandle 3564 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {119de02d-9b1b-49c3-adf1-0eba78e8a869} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 3664 1e739258 tab
    3⤵
    PID:1056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.6.1903213011\1226935118" -childID 5 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9063629-8fc4-45ef-a9c7-ff8c16750a85} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 3748 1e737458 tab
    3⤵
    PID:2360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.7.1335342599\32771140" -childID 6 -isForBrowser -prefsHandle 864 -prefMapHandle 1608 -prefsLen 29456 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d711336e-a7ef-4cfa-9309-8bcaf93a5680} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 1636 239c4258 tab
    3⤵
    PID:2944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.8.1136681974\1802444860" -childID 7 -isForBrowser -prefsHandle 2132 -prefMapHandle 2128 -prefsLen 29536 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28f6932a-6ea5-4c9f-9efa-7ad560f805ea} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 2204 1c02eb58 tab
    3⤵
    PID:2836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.9.192550487\1293907857" -childID 8 -isForBrowser -prefsHandle 2176 -prefMapHandle 2188 -prefsLen 29536 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73dbbf2b-0080-4033-825d-f1ebbc8eaa3c} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 3572 1f363c58 tab
    3⤵
    PID:2940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.10.1898116441\1386604849" -childID 9 -isForBrowser -prefsHandle 4392 -prefMapHandle 4388 -prefsLen 29536 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b3ea113-1774-4b12-a32a-4e3e03a500ac} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 912 1f362a58 tab
    3⤵
    PID:1276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.11.1009100326\1527167985" -childID 10 -isForBrowser -prefsHandle 4688 -prefMapHandle 4672 -prefsLen 29738 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58728984-1cd5-46df-88be-372e75fa38b6} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 4700 239c7b58 tab
    3⤵
    PID:3144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.12.2055923408\768529738" -childID 11 -isForBrowser -prefsHandle 4816 -prefMapHandle 4820 -prefsLen 29738 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d38a5448-a2bb-414c-9c3e-a1b9dc5a7b84} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 4804 21aa3258 tab
    3⤵
    PID:3192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.13.171861135\1006115474" -childID 12 -isForBrowser -prefsHandle 4644 -prefMapHandle 5200 -prefsLen 29738 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebf45424-4e62-446b-b486-f689eec60f48} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 3436 e30858 tab
    3⤵
    PID:3692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.14.2035173261\1679971603" -childID 13 -isForBrowser -prefsHandle 5232 -prefMapHandle 5208 -prefsLen 29738 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29aa9f65-fef0-4899-8ea2-8231d1d9313c} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 4504 1e73a858 tab
    3⤵
    PID:3872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.15.287089283\1989727226" -childID 14 -isForBrowser -prefsHandle 4728 -prefMapHandle 4892 -prefsLen 29738 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9127e0b4-2a29-43f3-891e-98a2a22531b6} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 4720 1a328358 tab
    3⤵
    PID:3936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.16.1166982012\782423573" -childID 15 -isForBrowser -prefsHandle 3980 -prefMapHandle 3952 -prefsLen 29738 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a4d56fd-7fbc-4c6b-9efe-ff4d85c14427} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 1944 e2ed58 tab
    3⤵
    PID:3464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.17.2080284291\63012020" -childID 16 -isForBrowser -prefsHandle 2880 -prefMapHandle 3196 -prefsLen 29738 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bee985e1-7834-4715-b5cb-478d2c67d364} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 2168 e62b58 tab
    3⤵
    PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\cache2\doomed\26479

Filesize
9KB

MD5
33446a5f759346845c7a317160bdc9c2

SHA1
3a011c97df1fb3d74af3ad958a2ab1652d6b1fc9

SHA256
e7b2d9f545491a04ba1b79b800402203cf04e649cae2f01e0e7813002b7d8b6a

SHA512
54ff59a908bb7f8392a44f7f2eaea6e145450b08bf919336a49fd9b97145032e41e1b96c60d4d7b3c1416263264f395e349f0bd3e1d25c5bafb80c797ec8c6c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\cache2\entries\7002E71F4F8431A3D59D2158243A0EA278856918

Filesize
13KB

MD5
a19108836db47587dea69ba23fa44a02

SHA1
cb8d500bfb3e77e8d8793a75075efb61cee6751d

SHA256
cb71d21e7124f323dcc69fc488a87935afc3bd788a6fe3fd49d45f1e2419afb2

SHA512
7fb01178f04eeed4edf03bcdd0818b6ebc7ed2985a34d27a4d6518e495fd98aea82616a8a61ef87a4619bbb908b49d8dadeaac1c7fa91c2201b4df752e9bb41d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\cache2\entries\B573808F9B4F64D3E5F0B069BDAA48EF4086E712

Filesize
13KB

MD5
3eda18245bcb4a59cc486bc86466e34d

SHA1
18cc660caace541219146fdacca537f6dcebc4ff

SHA256
a6df9cd9a2716ee59644802627dd8080bc266adff265ddb0ad0edaca36dd412c

SHA512
cefa248ee17a72ad326670cd223bb2d334345dd766d5b50c412e5b6ac958fc50256f67fc045b0f01cde06360334287b965e4ff41e8c1a8f64e2ff4569b536d9b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\jumpListCache\WxJZIG39kcbqMt9Br9tJYA==.ico

Filesize
296B

MD5
bcef32e1ac6bc8693e159228aa345b61

SHA1
d4a92f378af7edb0bf2b4cbf743b0d8ad52f3d16

SHA256
4298500cbb2a6e9a8e06ff177870688f3e7024a85a8f89494c0011a1fe46fe9c

SHA512
1478b670fdab73060f9303b45e550480a72adda3d3456b9846afe3b06a4563e92577c9abaf4324924c4eb49688ced901dc693b171ecdfcedaf987b2b42de950a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
724KB

MD5
91eb19a137a95eb5c444963484a77103

SHA1
f0de6e2e61b1a3b66b362441ff56d714fff7d755

SHA256
674d1ffbdd1d20821cce9bd4edf286ac5e7bd6caba6771db65ae01de791bb3f6

SHA512
4f9219b78a7a53354303293d9d9c3d6b2f1a337c571d9316b177b42e9beed253031d141ae92dc3c735138230d6ae5d4d2fe7eef5cff501825d160bbb2f9db026

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
e4392c78fd5e41b92d62aff766325376

SHA1
004c4095d91dead33b4b4148b66b547aa5ae1c16

SHA256
4a2f89beb495e47d1dfd26d8a3a7f5a23069ec2c54763a175c4e35346df90686

SHA512
ba253cfd0f1555ba21a4d88a2bb08a8ffb58a1d9e238f87f80be71156234c00bea44f5878db52dad5ca92fe0d19874102b7a2bde880a306db86ef5d38e90789a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\SiteSecurityServiceState.txt

Filesize
698B

MD5
1c26745634b8411243b5b38f07962a45

SHA1
36f393c88e73a1a7f8c4b87e21c9fe27d00e0503

SHA256
5e1dfa75ac579e84b2ea2aab688ff7b19e9799f75c45ea6254cdc2c01b2e8843

SHA512
1ec732497a08495e04541dd0044b7c56e0cad6e6ee7742429e56428db4768f118401c8f14b719a904053475b86ae2b97e8cf1b20092c8c61e5ef4497c7c325fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\bookmarkbackups\bookmarks-2023-12-25_11_Iqep3GMWhGCBKekZOjcJnQ==.jsonlz4

Filesize
955B

MD5
546f0d2fc2d892a8d7ca6ace009a2746

SHA1
35603af973872b5f501a4b96d0c55661a4588a0b

SHA256
78d71b6ed84f045d08dcd9697dd0c7d055e083c0f4017060bbfb938ae8339541

SHA512
b100807af9da243885f7b903768c989272dd27e1d2ba15066b9115dcbc92ee9bc37eb10b624e5b2e5f3b97ffcb234849d5ee03ac7e1901a5edc3b490242f492e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\broadcast-listeners.json

Filesize
216B

MD5
df480e0032c520fa0f421fbd67e206c7

SHA1
b0e5434b7992bab2433f5c95fd71f7ac4741b1a8

SHA256
873c4cd7dfac9ea7f1007a325182b066e98e6eb087504be2380aa5b91cd449f4

SHA512
62152fbf1845bc8a88ea30f61a18570f06b724d71b3999ec70ca169f5cdab80e9f5d2032bf8f48420331acc32e10b4df76a2ea2e3397ee6df7aadc4ff9b43deb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\datareporting\glean\db\data.safe.bin

Filesize
1KB

MD5
2826e1430164e2f110e2ed185b5023d0

SHA1
57882d9e9203209bb7eb012fde887884e3a48f58

SHA256
6d52aba73b983791866e43e7f0459cb7acd51ff7609fafaaa386d4317647ecf7

SHA512
28137c7e177cd9478fda6adbdd6c7c8c6e55e198d65433fcbaa6006a2414d78822ce341360c145be07f59f5b90d996f47c0926966a1c6a2173bb58b88e17726e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
14b11f5bed72ce5726f8de77987fe6ee

SHA1
02fbacc95b46dceff7c0b61aa1b7d6d424b94a60

SHA256
16f4895b93f0d38f8827110d2df4745930c3477bdeae72f31ee8f071c391485d

SHA512
748ce288ff26715d0fcb363bedf49dc96cac34c324880c1ee53aaedf56e4d6696161cb217ae2f8c20c92130566643812e0deab8657a491123baab5a9e4a420c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\datareporting\glean\pending_pings\5fb0c58c-394e-4b97-910a-53fe7813c97b

Filesize
745B

MD5
7357c00466bb35e95744a753fc5f9496

SHA1
ff9a930fce24b4cf4f38cfcec43105119e4f23bd

SHA256
8626e22de1ddefefc77f9c96123c27243c34bed9d6974d378309ab250b9b46e4

SHA512
99aa5511377181d992e840299d15c9ba0858d34d2852dce5c9c6a59880b96e8d6131388c3ae15ae50666c68d3566078f5fc46037fc0a4ecdfdd4dbcadbd6026a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\datareporting\glean\pending_pings\85d53c9b-b980-4741-ac08-a6f05da0bca2

Filesize
12KB

MD5
b7dba18994c25452652c3696ef3b1479

SHA1
a16142bfefc36eb35389c2480faabcb2742e359b

SHA256
96838e288307fc39c502e7da54082648701eec74e74b5fee57557557be24685b

SHA512
605ffd3aa1b4f59a719f138cd192ed716b7455f917970665b74acba0d31db666478cf3d083819c5bdad41e6080bd70a17c60b5d819e8c4dec42856e5b355b37e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
631KB

MD5
ac6d6195e2ac28ec5322903c873214d8

SHA1
107f13743b14ef2d074b22c077d47cc50ddcd92c

SHA256
a6951a06b33ca2555f98ba4372a1dd90cdd9288c4a6ad93918078578a9b4e418

SHA512
51e55641d82c3e8a8e90174e15ecd47c7689735a2acf5588ccef81d244e550b99da3d83271182523fbc687576345a409b5350588a748efb1cde05302610caf2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\prefs-1.js

Filesize
10KB

MD5
d3aca5a16cb52e8d0111b1ad1095bfe5

SHA1
7b2cc7c1324713cf93c0fdd3b71ee949722ff017

SHA256
a4eb39d0c3aef95fb756063e974d6cf7705270ca385d75c930d39720ead8d9c6

SHA512
9cd7b992ded71b7f1402c874a9c942182758d8d484b8ff54f46c258e5a24973be2b8233f4eb056c9e753a20e1dd307c208ec3172a49df2a2476e065ffce2c77a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\prefs-1.js

Filesize
6KB

MD5
2637315738766b429f6513fda6725890

SHA1
edcd768e3aa9a5a8275fe5d2eeac6ff52598458d

SHA256
7e7a7a41e9207b23796847e9499ee68a2c2fa80e22c2f1f0417e9b07764149d3

SHA512
a7462918963768957a816bb3975b3bbdc956ce955f8bf7a617f905ef3223d5c200be2daacd6a9536d2dd63477a81f0eb8ecaa86d412ca170d70164c14b9035d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\prefs-1.js

Filesize
6KB

MD5
461e806316c106512f9fb06ac9551588

SHA1
1959cc7c734488ca0dc5a65ad235fd08916367c3

SHA256
e7dae95c44961ec5db5d6b8ee55979da03207c6fada61ff0d5c8064aae2e48ba

SHA512
bc49446ac2e3e64910c8cb506b333cef3ca8a90dbc2b9272be32d2cc8d5d6bb7b16dc7b155381080c46a9c8fcb5b9e447767d4e4f61370c093c3c86df33700a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
03dc798122ee1182aa5cd106b8b852c1

SHA1
2eb0bc3f88f0aef95bfbc4f386819a1f902fb1b8

SHA256
fd30339a7a4ea6ffd5d9786c813434481ac1be9475491e29872eea6fe77a4f98

SHA512
8413b8ccc0652511260baeee79af4f486539b29cbcc4dcc00792a8a00b68d3f3ee0cdae9e3aa4d56bbcd5ff48fa1778e535a739bbe9476be2a610e2d6311b2f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
1567de1b8185cde162d118c9603a5164

SHA1
674e567300b4b197f07afba1fa362eecf8b6ffe1

SHA256
6eb2f0bf29f15648d9ee6a3bf63d20711865e62b0519f611ea0432f7b07d3c4e

SHA512
37b4d91524a6f39901e45281e7d2b4b1016204385713a5b81b4de66c6baaccd17e87b904be4305721d8943559bf22085435ac43e69687b4f3b1a334b20dc801b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
249542b8d840a1a2c49ef008e6c3324d

SHA1
08381def4cea1a1e21a6cd7e0447353b4a5f0df8

SHA256
6cd7bef160154a7cf2b27ce002c2577423c98e6638b13ba33a8208edbeddfed9

SHA512
beec6800ab18b94388a84acf72c5da75252115d28d0f4cbe8252cde1f633feb57fdef8f07a05a2fd5c0b6bb989c17285fe82ba6ce5ddc4acfc198cf7faec0008

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
5af4fcac020599ec4dce885ef2c4bb9e

SHA1
cdfd8db5b3c16fbaf68e7271bcc406875e3bc2a5

SHA256
d01007bb47af9345d203ed68a7d4f5b50679fdedd032015aeb587a0b1ae7b795

SHA512
6a3be76cd5a2d1432ec6b33975e145a2cfa4fc7f7c6bbb33d1656cbc23a3ec51f4d4d95320f1320266e107bb5b7903aca18a62914f3316771a4c5cb346ad72c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
67efe7d545b2eb0e24146f8cdc0131f4

SHA1
609d9d166584b85973319ecf3b27a636a3b7c4bb

SHA256
e87bffd4d29d97a4536558c14d866d37e4e7ad9c55425af71f0535dd94653ecf

SHA512
8c42ef724a3db0fcd8f23f98e66c75108b7e13e6a0188de574cb060fb6f1d903f7239c82fa25a0f2d200163b1574dfba5b76acbd6b145e89bbe47e7a787695d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
930B

MD5
9def97b1f855cde39d4afd21ca61229e

SHA1
69eea1c13bae30c08b434384d698166e5322d54d

SHA256
a33cfbd71cbf7bbacb08930797f3b91e7cfbb688e6f3daef6f94c09a8f16cdc6

SHA512
faea6ae255500c15189ab6050f434723f87e7859a2ec6226b73a81bc3e2dc6d3de1366d0746dc8c61613b7ff060651c0cb367a5a9cfff47750fb935c93008da6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
bf9b45db506a6dda6387ca69fc2d8531

SHA1
8791e907297eb5a0e68b44fc73b7379f2a824091

SHA256
b345a4f30fca0e84aaa4e630bcf36ddd3da21b5accf08f2b2cf07874603c2b94

SHA512
e10f1a1d37ef3d87da16c9f5d66ba182c0ce39a05f9f13f1e67e8439665d2aab0132589953ec36b96d4010f7dd7823ca75258a36b635e50917c5e1ac8fa183f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
74c8005455d517a4e11ef232a47facdd

SHA1
2b71b3c303cfcd6f7800c3670f2e59158b0fef2c

SHA256
c2aeaf1034c55e4e7dff4fa5fc7c01e25e787bd7e42ed8c16b9e34d34d925739

SHA512
f9ca839cafea079e2b73d2c30a5fb52c2f377a7876cb4a5cd6843576982cdeed93efb928e1598944207433625f5e67b8b059917c5c000a0cbeb4bb1e5779883d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
255622a1ed377f1df9bc3367da49d0a0

SHA1
2852a6ffe7cdc67803c8edb3f88946c5528259d6

SHA256
22108d443287759def8900dbbb5cce4906881e316d2a6335c88787a7acfb99cc

SHA512
2d27a6f863ef0cf6d09890153dd9e752e27d5ccd4f248940ec39a4f020c1042aa24d414a1e32574351633c463d1b17b0bbf8af8f90bbd03a0448baa166eabe31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
90c3b867c6cdc4f2c2a2e6cbe559c330

SHA1
4c9c16146fe492ab62cda007b356550962e74fc8

SHA256
c496a49ef060a434b2dce83b656b9e097a3ac553ac98eb376be1112e78563729

SHA512
df5994a670dbeb0aceecf78e999b80faacc92caff9ccc661a0e07da2e1932fd3ad573a37e45c3cdc62b3d4cadbdecddbef80c4e446d31fb3b511d6f87420f1cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\storage\default\https+++m.cdn-server.net\cache\morgue\187\{6efc8c83-d155-4011-8f19-ca77834904bb}.final

Filesize
66B

MD5
fac7a5daca01f8e847445aeec81a636f

SHA1
fd917c75fbc64ee042e8206b25df6a0cc02b052d

SHA256
bee96c0875a91043a8daa8299c1ff355f64a121fb7ae2629a9b4d2e67996ad66

SHA512
4b36151a62573fc2da92996929870f0e1f7d1bd496f80bcf99e94c7425d89298291c621af4a6a5770e7ec9c1e7b650e6ce17408f42cfcc3e7c62327b69314a2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.9MB

MD5
5230725e565bb3d3cf7f26520196cac5

SHA1
13dff80847121adbe703a5663d9de248af39e3b1

SHA256
4ecb02a5fe2758b7bca04dd5d0f986ca58a1cc1ef9a5a8f1f34c91e56578bf76

SHA512
ba7885f75648440a02d763f01a04686d2fa3ffb2a71b016a2689ea31ced6d6416043fde52ea9380b918eabb04b597b01c603c87175e76fdaa1527bc14016df69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\targeting.snapshot.json

Filesize
3KB

MD5
a311dc554e2c2d1b4ed0afc9fa7335dc

SHA1
c1388332981447d25a81ef47c490c5e79616ced0

SHA256
2435c670eb48197ade04ea80ee79e3b7ff795b52c8b75e1be243d84b8640c781

SHA512
575fa5ed3dd99dc47c4e6393244f1cd6788ec1b7f848ddeef52ff1c518e224c091cbf6823947fa2753a93e6fc28153b7ad8226a51f6c30afc4f5299371d5c00b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\xulstore.json

Filesize
141B

MD5
8c8e29dfc7492b92903124e1da454a88

SHA1
09e1ea8b5a53255747809121543598e55e38f9ba

SHA256
08e5486c5550ae2844b9569fbe77ca63617c48b2918e8427ba729deba24a2cbb

SHA512
bb1b2cab79ab3a1e467094748fa6879ec325c21da733255428d2b661c02255dcd3036a3706afeb4f576c168127b4a537802f5748950a3db8fb0c04f4827f903f

Download Submit