hxxps://docs[.]google[.]com/presentation/d/e/2PACX-1vRvMkDlkYGoovfB7bqoxEBGM4Rtj3Dr1DE4f0sUalZg6FBq705BE7fzx6-Vf8rMtVAKRXzwXOAxSbjS/pub?start=false&loop=false&delayms=3000

Analysis

max time kernel
333s
max time network
329s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/01/2024, 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/presentation/d/e/2PACX-1vRvMkDlkYGoovfB7bqoxEBGM4Rtj3Dr1DE4f0sUalZg6FBq705BE7fzx6-Vf8rMtVAKRXzwXOAxSbjS/pub?start=false&loop=false&delayms=3000

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3532	firefox.exe
Token: SeDebugPrivilege	3532	firefox.exe
Token: SeDebugPrivilege	3532	firefox.exe
Token: SeDebugPrivilege	3532	firefox.exe
Token: SeDebugPrivilege	3532	firefox.exe
Token: SeDebugPrivilege	3532	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe
3532	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3204 wrote to memory of 3532	3204	firefox.exe	59
PID 3204 wrote to memory of 3532	3204	firefox.exe	59
PID 3204 wrote to memory of 3532	3204	firefox.exe	59
PID 3204 wrote to memory of 3532	3204	firefox.exe	59
PID 3204 wrote to memory of 3532	3204	firefox.exe	59
PID 3204 wrote to memory of 3532	3204	firefox.exe	59
PID 3204 wrote to memory of 3532	3204	firefox.exe	59
PID 3204 wrote to memory of 3532	3204	firefox.exe	59
PID 3204 wrote to memory of 3532	3204	firefox.exe	59
PID 3204 wrote to memory of 3532	3204	firefox.exe	59
PID 3204 wrote to memory of 3532	3204	firefox.exe	59
PID 3532 wrote to memory of 2984	3532	firefox.exe	86
PID 3532 wrote to memory of 2984	3532	firefox.exe	86
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 684	3532	firefox.exe	89
PID 3532 wrote to memory of 4892	3532	firefox.exe	91
PID 3532 wrote to memory of 4892	3532	firefox.exe	91
PID 3532 wrote to memory of 4892	3532	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://docs.google.com/presentation/d/e/2PACX-1vRvMkDlkYGoovfB7bqoxEBGM4Rtj3Dr1DE4f0sUalZg6FBq705BE7fzx6-Vf8rMtVAKRXzwXOAxSbjS/pub?start=false&loop=false&delayms=3000"
1⤵
- Suspicious use of WriteProcessMemory
PID:3204
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://docs.google.com/presentation/d/e/2PACX-1vRvMkDlkYGoovfB7bqoxEBGM4Rtj3Dr1DE4f0sUalZg6FBq705BE7fzx6-Vf8rMtVAKRXzwXOAxSbjS/pub?start=false&loop=false&delayms=3000
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.0.334022487\252161827" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c15779f7-c41b-4f6c-820c-4ab072b7427b} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 1948 2545ecda158 gpu
    3⤵
    PID:2984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.1.1580029905\1550727298" -parentBuildID 20221007134813 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4fd01bb-c2cc-4f6f-911d-670125eb3fb7} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 2372 2545227e958 socket
    3⤵
    PID:684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.2.529351516\1741215849" -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3140 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99458cd7-d224-4fb1-860c-8d6e220ef88d} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 3268 25462cdda58 tab
    3⤵
    PID:4892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.3.934938697\1201265085" -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16c56cb2-076c-46b5-b62e-1e88503bfe8e} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 3644 25452274558 tab
    3⤵
    PID:912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.6.1695305082\1948573829" -childID 5 -isForBrowser -prefsHandle 5484 -prefMapHandle 5488 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95e4c510-b87d-4067-8d7a-46e29c36ca21} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 5480 25465c7cb58 tab
    3⤵
    PID:4852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.5.33678966\1074985282" -childID 4 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4f3971b-aa48-40f5-9adc-e1a024e9d7db} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 5288 25465c7c558 tab
    3⤵
    PID:3816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.4.1969815596\793703374" -childID 3 -isForBrowser -prefsHandle 5136 -prefMapHandle 5132 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9ac00c3-04bd-45d2-81d7-132738444459} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 5148 25465cc9b58 tab
    3⤵
    PID:4424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.7.1063947941\78131927" -childID 6 -isForBrowser -prefsHandle 5744 -prefMapHandle 5156 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f354e98c-734d-404f-96bf-fc04f6f7f72d} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 5740 25465cf3158 tab
    3⤵
    PID:4724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.8.272226609\920361918" -childID 7 -isForBrowser -prefsHandle 3604 -prefMapHandle 3800 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77e8022a-c480-4145-a392-ff0aa90b9198} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 4816 25465cf3758 tab
    3⤵
    PID:8
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.9.882682606\390024507" -childID 8 -isForBrowser -prefsHandle 5992 -prefMapHandle 5996 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8b5ee53-b7a1-487d-a261-45290ddbc9b5} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 2880 25465cf3d58 tab
    3⤵
    PID:4432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.10.390115004\546926638" -childID 9 -isForBrowser -prefsHandle 6364 -prefMapHandle 5608 -prefsLen 28620 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f25c331c-bc8c-49cb-9e14-6093864c5c87} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 5560 2546a3d8d58 tab
    3⤵
    PID:1524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.11.1433896410\1910231195" -childID 10 -isForBrowser -prefsHandle 6376 -prefMapHandle 6372 -prefsLen 28620 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3299b4e4-4fc5-487c-92d2-d44a437e292e} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 4572 25469349758 tab
    3⤵
    PID:1004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.12.927575133\2055844567" -childID 11 -isForBrowser -prefsHandle 2864 -prefMapHandle 5424 -prefsLen 28671 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b124ece8-d191-411e-a9e8-9b219b104eed} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 4908 2546c3ea258 tab
    3⤵
    PID:1468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.13.170812764\874830483" -childID 12 -isForBrowser -prefsHandle 4528 -prefMapHandle 5348 -prefsLen 29371 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e65c698d-50cc-4950-ba44-d966c1b477a5} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 3204 254613dbd58 tab
    3⤵
    PID:396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.14.1638845317\504898010" -childID 13 -isForBrowser -prefsHandle 2864 -prefMapHandle 5612 -prefsLen 29371 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f70d8e12-5458-4c24-b314-c65fd6c6a7d0} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 6008 2546a3d8d58 tab
    3⤵
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.16.1179591222\1317143923" -childID 15 -isForBrowser -prefsHandle 6688 -prefMapHandle 6692 -prefsLen 29371 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f58d73b2-c68e-41d3-bdb4-30e16438d497} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 6680 2546e92f858 tab
    3⤵
    PID:1660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.15.1058684149\211286206" -childID 14 -isForBrowser -prefsHandle 6332 -prefMapHandle 6384 -prefsLen 29371 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac7907a6-d587-4e83-99b5-073cb3c7894c} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 6156 2546a3d9958 tab
    3⤵
    PID:180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\doomed\19383

Filesize
11KB

MD5
380f30d8f86a278407601e3a158a1bf3

SHA1
cf4496376e585226c63f5c581f3173eee33522a9

SHA256
8dcaa2e6760d8fd068c6164060763cdca1813569e1fc3343db02e9724cb07048

SHA512
3db2dd34f5d9569291985f6bd013b084bbfb247ac45cb116ddab936c18d71d08e0fd9a3c234d330db9e046f467025b0f4110eb2989058af6d810d7d8ba8c2bfc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\doomed\24459

Filesize
10KB

MD5
c1b24cf965a9a2fada68a3cd42edb364

SHA1
d05c60f8147aeb886c440b56b860cd2e13611c0f

SHA256
e3e4167f64bfe0f7f68d1230be3a25884a01870e6203e21beddcb9b988277c5c

SHA512
bf3fb45a7137ba9be1c4b4a3907bbf6fde876d27b3573bbfcc789f4ca3ff05027660af493d163c2994963807b84f75e6b3bbb3832d729d14f0f02a0a1eb7ff2b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\964B1F13EB05D6AF06562ABC9CDBF5BDF843469F

Filesize
26KB

MD5
e43392fd7afe0129b486b70b0155ad07

SHA1
ed04b095b66dddb3f4c62583d8fea656a3083e0b

SHA256
58c9a8024d37a0e5e880950e63e1889a7b8fd6ac30d45deb2023604b16f18ea1

SHA512
10f98df28d1fc32038406779cf13496c44f0810801db9dc9a40612c3a775010ab6847de86fd913e3bd5352078289b36d7d7aae11e284ae9617f103c2999ddb7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\EFC43F86349B73B68984025AE763A42C36BDC33D

Filesize
27KB

MD5
aba04b33c2d09c466b15477c3f0b0f81

SHA1
e4b38b2f74fb8f61006ab7fe3fc6c9fc8660ee1b

SHA256
65cecd78d8cf60f16c3ca73b6c356500a0a7679312c2d02458706b749a352292

SHA512
e80b5a594e6c3c70a3a2fa68bcb62bb95a8a3378f4af6e6c69352730c284bb12b13a76e34c25d922ef9fc9e0b2693b9f98f0079dfa98e0b5dda1ba2e7b8892d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
2.5MB

MD5
0def1a5244769529cb79b87b0e084312

SHA1
0350df537e51e1edfbc60eedafce0f12b9d186bd

SHA256
87ba51abcb314333ec8438e0a9f911d2a8634a336245803a69f5676bf4471657

SHA512
ee4a267619c7acafb457b487ebf0f8b28a4269030799761bcee4c01883e7609f788b3ef6da23bd33214aef6d0ad5fea0825f626ccea43b0fb98bba7c010b90d8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
cc6a01f075e3b9845aec6b70d0301e70

SHA1
1967aa5eaaa71ec908c664c95c42d92e2cab70da

SHA256
beb68737db3f63eca3b2809159db230b52f004d60ffd360ef0fc52af22aa8b89

SHA512
8c470075dda0d0734a95c1650190475e903e789c9c20c83f960974ff94665ff6bea19a5e84ee8862ba034aa3fe01e7904fd1eba6dd22bea4eaa59a12ff4374cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
d7e37f7eb3da5fc253106b5132521375

SHA1
93b4419e4e0a1ee96463b1d1f62259593754332e

SHA256
626a6b527e1d94939237b51beec3bec96dcc7e720901b63d92d224cff11a25a2

SHA512
dc48083d41b5ddde5730da7cd43ff3839d35d7ba4e0ee9e6958a452980d1987997bbfe4e3d82ef030fcf808a672cb495c79184e64f327adffd4b3c14af29ff47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin

Filesize
12KB

MD5
eb1387683ed619d66aa02d689c3e424a

SHA1
dbb849635c93b2fe053dedd4d198188dec4d4cfa

SHA256
adf46265b1c8c5eb18a27d140096b480a9993404f6e0553ebada14a39b810195

SHA512
1bf52889b551494c4bdf501514802c0d0010e6398984bc1e0cf69bc313bf4c7750a81bdfd63675601d6ed499b761d7a43d510169d63b045244d553038b6df99f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\27ea34e4-8f66-427f-842b-9fc25f962233

Filesize
746B

MD5
532ffa08002947cd50565c613309ca2d

SHA1
f37d540cc5155c51b841fd8c71a0b726632796ab

SHA256
02757108beae1e5263153c1f9e0d8e28d5d94822077320bca77314f0a53ee4e3

SHA512
eeca96888757976c7d5901d5557bde510be704a69319bed1c5bf2b02ca6cf82a8211abf8ac7eb9f1155d2d3b02e971a0e9adf4e7c7d739ea968ed07ebe19aa79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\5b0a44f1-087c-4597-8fde-db73c88822df

Filesize
1KB

MD5
181c0829439f9d93bcbf8787e3169b7f

SHA1
e56f6ce67506c6dc00eb8743d43e07f5d570b5f7

SHA256
3115cd38ee5ac8ed714a7d7016aa4e57af937e1afbcfab8976a5561290fc76c1

SHA512
36d0406fe33d33f499cdd8bf4b8bd24299788ffd8415c0be1bbdef30d28b796838b40dc19e1f8fa104689ab815f29386fa87848c71f3ceea7d491880bd6bbb9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\97ac09cc-3be2-4eee-8593-dcd9be09a658

Filesize
11KB

MD5
7d6ca06ac05f75789f6e89942292d3c2

SHA1
616c16d2f83ea9a7884ecab35cbc9614f9405131

SHA256
1659a32c734290f61f8ae897b7b683936f69b3197cffdaeb9f73fa38f6101595

SHA512
b2253a33582c669acd29257c7077f2ef8df0bfc647bda406b004ae1bc547f74c88190355042b5b1eac9bbe74a5a77a333c46faba7dca16229c6b8252d7609e8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\d6f021f6-2ae9-43a9-981d-a43371d386f1

Filesize
856B

MD5
8c681d28b63127e38d586cf6dfb848d5

SHA1
c234cf756b59abafa2f0816de50c32a18a1580cc

SHA256
d8c8caf49643fbe55da901e08166bc0eddfd7a44a730c92e86540321dd3d9fc8

SHA512
84e1938962db3651c68e4d4dd62a4762829e07d81adbaba614bd9bfc79fc1af496d4f5f377f3d0bc70ba4c08a53244dc1b0f0d5fe932fac1e569d8b05de14b45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
8KB

MD5
f669f4aac8f45eca46554693bc96a01a

SHA1
d9568c2001b2ae5ad8c5d35dc51b5523b3ade5bd

SHA256
4bcab16c35d2bb8ef6fac49f9f7616b5c042c7e12ed1cac21535e167d8d34087

SHA512
a8c7dcb3d53c807464ea0ec54ac4c164bed481724c6bc947d6a404157a84ec98ac8e407925d80435ff4513a31ea53d7a3e82769c59b472eb7751901b8591818a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
8KB

MD5
e515eb17498681bb554b0c2ab8d38f81

SHA1
5f120aab56ea19b1355826ca89d4d86415a1db21

SHA256
331fc3558cd5bb96a2b2ede2d31db0e019323aebe434a91b162c9a39a6ef23a6

SHA512
09e7fcdfd1beaf58fb48755c3c8a8546783d54d0c0de8584c0b0c1e6d44a938161fa5e8a86d662a3566b075d42aa4cf39e0026d47b70a072472e5b42f1c35607

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
8KB

MD5
0992e8c8bf35be57f18bf7a631bfa706

SHA1
984ad783c49c4554d4132798edffab0b998e333b

SHA256
a7ded2329cec6ad9a0611f969249d758f148f7946ca49819ca70e1b9eb4aaa4b

SHA512
5ca4147ca468d76d2e01797f4e51f61913fbda4d2bda7303a9b1368d657c442bb2938decb49bf5aac88a3144b78c09cde76e192e073304371a02f3a07ce18885

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
6KB

MD5
c966a8ff3b7526a8872b474c0eddc915

SHA1
b8eee9142eeb41a9e4457fe1fe974cb00703786d

SHA256
ddad06c605895ac3cc3f0ad1ae8db1dfa8bdefc542a34c9f105de556c5b3a1f5

SHA512
334b6435863c75f122dabab59aaba9a49c7ac1815011885b0f80107ce9e30ab3c531eaca9b6dbf91763094c0e0cba4dbd391cbf60e2ae7e5a8be3e89cd422441

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
8KB

MD5
a8cee3eaaf8fccbac40d017ab73130c5

SHA1
8500ee519efb69f39e50d099c76ffae6f7f5835e

SHA256
3fc29975f5113a6317d927fcda2f2fa75e3bdf07cbd7e9c5bd37023c720ddebc

SHA512
903b3690cd0d2a9ae20b640f498733f398f242204b0c9488307ebe7be2b0f3625a69e139a527db8b8037114b57e9363e6f3d693b1924e9ac9f00cc5c89902784

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
6KB

MD5
f0be766a07f1c9af0b6065b79ba939d6

SHA1
81dc1ff3024433aaa068f682da632c9dbcffcf1b

SHA256
d9803b01a950068492e489c0c75cc7280e195c3af0a2758d9ad996ae7b471eeb

SHA512
fc3b348c6ff6182c39a3493da335643f3e8895cd6d1b33afe4e4f8db7239eaea19de2e78e319bf859c3c395f1371f56aaa03690d234d3845ac641045e99b9f2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
7KB

MD5
685de8f343ee7ea48d4439e1d513c097

SHA1
508f8732ef8716560525cc41991cd3693f3bf89e

SHA256
3ca6a7cec467b89792f5838b2f97bd0f4e1d4c6644914b8b4619d34f4c91a1a4

SHA512
6b4b8767dc1c7c7889fd43c9156ede4cd28c6359248e37287c9b9ea34853b667f4d08a8ef9ba7e04a02de98e13b336e4a50631b78554b7d45905ad616a69ea5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
8KB

MD5
09f6abaaa1595a96ad29d09128eaa7ab

SHA1
f04d9cc81b524c4e191b085264fd12cd5b404c2f

SHA256
67aef0e09262387bc251349faa32c911b4f6a531751ea00582680835344202bf

SHA512
da1a8e8f91b13c95405de40730fe5120a0c96454209733d414f50ddaa4e60f7b3980bc9e954a64a07e612a9ce220c02820a34588c5bcbe725caf73e5675599e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
9d73a074ff85a8091f251932891ac4ce

SHA1
37f586b4d2d72385c884f6c412d6e875edc59f2b

SHA256
edcc52424427357d52b48ad7adfe5c11cf7167916b4986d05bd94d2531dee159

SHA512
4a52ff15b543acc2bfbab8282bc533c5965b8fa583b78cdf1473c1bfa73f2081438793d664b2871bffde360b8bf68093f977e07bc5e4414b071a5f40b971953a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
d9b33fb9f90512f39d1b8b7ae78d511e

SHA1
4b3eb2557d869cd6d99a6a8e5365d942b8f81896

SHA256
22f996d24df7721905297f5a2bf3fd1cd5375c839d2180b7259285e531e04272

SHA512
8b93ea1d9e97f3672449b5ded68c9e73b627f486565488d1f3acd1757ab5f0718923b8f057955b89cdaf3a61084081fa854270e44075e7321e8d1a7a40bfb0d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
e253effefffdea9be934bb13e0ce9360

SHA1
415d3b7bdb60dc576bfd5af2557531323dea4842

SHA256
36fadfc7396a09317b817193c84294cf3072a5896fa61e654abfe2bb62a79cf1

SHA512
7fc93323f7ec1691c4b0cc1b9fc3e2e47b00d70bae3ea481da09e8cd39225b111568f487004c7dc102ddb3ac4c9ad5ac60ea529619d920e91cf432c85d4d9795

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
0a42221c7f0e3a42a9d8f2fc17bfb274

SHA1
7ae0257a4ecde359e2756c3d699d9343ffc7f1cb

SHA256
4fb36872de0d2235c7cee1eb26e24e5c500eb7afb5e973958700441e3cdc7ec0

SHA512
cb8cb8d87e791375a8605e707b2b622d66ea8bf15d0ac1b3ab497ce869f456e0aacb2ec1aa620c1f355054b3f7d2e67ce99779e36366670bc319c09a480c1278

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e2f4563c07632618037b2e54d8101225

SHA1
1531a3b8e6d043125c80b7757373b33b24a54896

SHA256
407f5f77dac6819b5d495d184aad96d0e036b748bcec2f09953a9099de008075

SHA512
5e238fe8abb8204f17f61628dbb6d2e2d93a10d0cc247cd530da6a4bdb4e5c02d5175f6ab53666d74c19cdfadee5cce9d927765e0b27f84dedccef84fef3de1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
f67471c7eddb882c5cd36a9dc34669da

SHA1
8127372d2b34db2388c6c901930ba06b73e95bd8

SHA256
a21c4b932a70d5635056ea2ef77df7d2510570d245387edb36a539d76c0381c5

SHA512
16a8421b57dd89995511b5cb3377883590a0a6012071a4cfc980c50827be7fad0951b34543b08d2f51c148565b7ef8c074f29284e3826dfc44f401a7d8f10716

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
9fcc01a23874b76ebb4fec28f5ff2d42

SHA1
263aa511d0c32b4812aa3d09778bc9ac133e9c86

SHA256
87c0a971e205a463cd860ac7358c03650fff5c0ef782df50edd79b82cdadb90a

SHA512
8aea7706969c3d597fb0b9a58e5645bea6aa0a5459cb9e7d9c1296c0e423926edda181a739039c5d3a2175943aaec13f79f06cd0a029dd3301c968c300cec1ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
f76c89976366b6a191025badcd52e3a6

SHA1
3d5061528f26825083d9a12d156bde577839885a

SHA256
4a426e2a66a33530d1edcab36d94715d6c10d50f954ed03659b1c19d3455b0ca

SHA512
bcc1ce548038fc5b9c5584b32033991dd5b841c7955cd21783cb0f62a91a9040cf5f3e036114c4e04009c0c24c26de3d7fc6263139030cc9623c35cbe1fc8ff3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
ee83c0d4c7b1174e1263912d42ebbac0

SHA1
1ecd759817591ebf05d3baa8b352f8bdd7423286

SHA256
192d4482d9ab181c11ca477d89faaf696c84cb4569d5a00423cdfdb5baba80d4

SHA512
bd1552daabfefa5af7c6c9ad4815113d48e14e68bc236fad3a300cbdb0b8b261160514ce65c9e8643c106afc857708dfd19f61681095a251a0122445cda99da9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
8eff070195653e2a131a916680cd18c2

SHA1
7f5dc88fc5d5969b25d5e75cccabd37362b31a94

SHA256
61c22934bcca9275d3aa4a9548828b028aaa84a0c1d977d50daeb889e02dbfd3

SHA512
18ed6beca1a23e74571ee365b3c5e1b92686188178fa5481d41dd4c991286d5b3599613a870a8d371eb886f82b1b5e35be10ae82b0a95452a53f9cffed73f507

Download Submit