hxxps://oxy[.]st/d/EZGh

Analysis

max time kernel
1561s
max time network
1663s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oxy.st/d/EZGh

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2304	firefox.exe
Token: SeDebugPrivilege	2304	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2304	firefox.exe
2304	firefox.exe
2304	firefox.exe
2304	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2304	firefox.exe
2304	firefox.exe
2304	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2304	1948	firefox.exe	28
PID 1948 wrote to memory of 2304	1948	firefox.exe	28
PID 1948 wrote to memory of 2304	1948	firefox.exe	28
PID 1948 wrote to memory of 2304	1948	firefox.exe	28
PID 1948 wrote to memory of 2304	1948	firefox.exe	28
PID 1948 wrote to memory of 2304	1948	firefox.exe	28
PID 1948 wrote to memory of 2304	1948	firefox.exe	28
PID 1948 wrote to memory of 2304	1948	firefox.exe	28
PID 1948 wrote to memory of 2304	1948	firefox.exe	28
PID 1948 wrote to memory of 2304	1948	firefox.exe	28
PID 1948 wrote to memory of 2304	1948	firefox.exe	28
PID 1948 wrote to memory of 2304	1948	firefox.exe	28
PID 2304 wrote to memory of 2964	2304	firefox.exe	29
PID 2304 wrote to memory of 2964	2304	firefox.exe	29
PID 2304 wrote to memory of 2964	2304	firefox.exe	29
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 2944	2304	firefox.exe	30
PID 2304 wrote to memory of 1344	2304	firefox.exe	31
PID 2304 wrote to memory of 1344	2304	firefox.exe	31
PID 2304 wrote to memory of 1344	2304	firefox.exe	31
PID 2304 wrote to memory of 1344	2304	firefox.exe	31
PID 2304 wrote to memory of 1344	2304	firefox.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://oxy.st/d/EZGh"
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://oxy.st/d/EZGh
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.0.1126755807\1854674036" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1220 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ace9044-a465-4239-abd0-0c23b7b56c13} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 1304 10bf6258 gpu
    3⤵
    PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.1.1382101677\1362806262" -parentBuildID 20221007134813 -prefsHandle 1508 -prefMapHandle 1504 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {657f3056-fda3-41ff-9bdc-6d3745b90418} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 1520 e6fb58 socket
    3⤵
    PID:2944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.2.2114976552\1633445203" -childID 1 -isForBrowser -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b0f76d5-e1da-4165-a259-af724d7a7cb8} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 2152 1a5a2358 tab
    3⤵
    PID:1344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.3.1461837104\338745047" -childID 2 -isForBrowser -prefsHandle 2904 -prefMapHandle 2900 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {987611f5-60f7-4442-97c7-86f414893322} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 2916 e67558 tab
    3⤵
    PID:1916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.5.1862590486\1833842204" -childID 4 -isForBrowser -prefsHandle 3672 -prefMapHandle 3676 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7cfe3ac-906c-4ee7-8889-5abcf77dd4f9} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 3700 1e55f258 tab
    3⤵
    PID:1832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.6.636671823\562008878" -childID 5 -isForBrowser -prefsHandle 3856 -prefMapHandle 3852 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0fce37c-5be1-4b3e-9311-693bfb1bac70} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 3880 1e725958 tab
    3⤵
    PID:1764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.4.1779333285\1501590290" -childID 3 -isForBrowser -prefsHandle 3668 -prefMapHandle 3004 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3792ef8-f4a7-44b2-a136-18c81b992bee} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 3688 1c40b558 tab
    3⤵
    PID:1976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.7.12157230\2017737782" -childID 6 -isForBrowser -prefsHandle 4664 -prefMapHandle 4596 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2db5f55c-9aad-4fe4-abba-652fcd274c8d} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 4628 21e21b58 tab
    3⤵
    PID:564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.8.856810712\656328016" -childID 7 -isForBrowser -prefsHandle 4676 -prefMapHandle 4672 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {548c771d-f213-40b4-a036-df26850528de} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 4632 21376c58 tab
    3⤵
    PID:2436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.9.1714567834\850680346" -childID 8 -isForBrowser -prefsHandle 8832 -prefMapHandle 3628 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9eb9cd5c-c315-4398-b6e0-ce68f0c5e60b} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 3784 1a697758 tab
    3⤵
    PID:2984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.10.79854452\510467609" -childID 9 -isForBrowser -prefsHandle 4612 -prefMapHandle 4616 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c05d623f-a393-4563-a7f2-a4f6f5a028da} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 4744 1e725f58 tab
    3⤵
    PID:2328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.11.2106595681\1950708315" -childID 10 -isForBrowser -prefsHandle 4640 -prefMapHandle 4888 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be2d1674-ae12-4f6b-9ca2-6dcee765d9c6} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 4936 21e20658 tab
    3⤵
    PID:1156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.12.1203545083\43722657" -childID 11 -isForBrowser -prefsHandle 3828 -prefMapHandle 3832 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dd03068-0742-4925-b5d5-5b6f28638321} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 3788 20d6a858 tab
    3⤵
    PID:972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.13.1434328437\795818804" -childID 12 -isForBrowser -prefsHandle 1924 -prefMapHandle 1932 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bad4c65-6771-4670-be88-34d77d666013} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 4144 203c7d58 tab
    3⤵
    PID:3128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.14.1251533302\798269932" -childID 13 -isForBrowser -prefsHandle 3768 -prefMapHandle 4000 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d8990b9-ff4e-445f-ab82-46818bb7de5e} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 3872 21e35b58 tab
    3⤵
    PID:3136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.15.1972655393\615749350" -childID 14 -isForBrowser -prefsHandle 4088 -prefMapHandle 4936 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea5ddca2-a72e-40df-b759-88dc05ea699c} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 4048 21e36a58 tab
    3⤵
    PID:3196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.16.577385901\1163879814" -childID 15 -isForBrowser -prefsHandle 8572 -prefMapHandle 8568 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50aec2c9-b60a-488b-a2ed-034f48d77fb0} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 1924 17fbce58 tab
    3⤵
    PID:3456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.17.1821896039\2071299378" -childID 16 -isForBrowser -prefsHandle 8348 -prefMapHandle 8344 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {71f0bf44-0e4c-432d-8378-aa5c8d53b0a2} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 8360 21004a58 tab
    3⤵
    PID:3496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.18.444872554\1477926878" -childID 17 -isForBrowser -prefsHandle 8112 -prefMapHandle 8108 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5dd89b4-5c17-4a32-9c0e-0af57d935886} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 8344 1fe34758 tab
    3⤵
    PID:3888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.19.1165557292\743243112" -childID 18 -isForBrowser -prefsHandle 3500 -prefMapHandle 3120 -prefsLen 27722 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {266a9289-1122-4e48-854d-8a3e9f162ade} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 4220 1ec9f558 tab
    3⤵
    PID:3372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\doomed\6282

Filesize
22KB

MD5
05de166c8392d0a3f02a7094462629b8

SHA1
f597c653d6d9ae1175b3eca243c0bc09e90881ed

SHA256
68d6d97a8cf3ad07feb0db606c129d7d9fea3be88bc31fd14f6a4e9f74d817b4

SHA512
ddccaa6ef5ae81504df90db80eac8fc58cfc0db5962c606bd7cf34186d38893dda82a750af238a1459f6b88ae6ee6118d47fd060ba928715dbd420a81ffb0ce1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\doomed\99

Filesize
8KB

MD5
516c14e84284f3689ae8d50a17d5aae5

SHA1
d7636b0af7e33b884d0fdb1f562f37c78b630cbf

SHA256
7ea6a7ef947f4da539389e3d14da134b8ba79c90f27414c97c219d6e6307e133

SHA512
3d02da574fe29ef742dd78c9222929f54a3fb3185b61aa976c3bf32373198f05e0d70a5cf03b6fba3bd2f5caa0e8493b7ec64b46d4b0be3e25dc873153feceab

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Filesize
1.1MB

MD5
f2f69e5f7c05a08af9b4c1e62e880e3e

SHA1
832135f9c586400c5e0b43fe0fa4b6889a29b31f

SHA256
d221acc83eec18d40c39905236809fa853209118757b63f67f3bd29894dba9a5

SHA512
a4bc3652ffa2482d52b59d8bbc7f61016b0c108cc0794d270aa0e25ab1aa4218e9af92f678431ccba88bd6ba14839a3fa621c798e488c20ed81da17078e87a42

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
3.4MB

MD5
2e8cd932b778a2abdf201cb152d8c41f

SHA1
133c65f240c2c8dbd4bdc0d096be0479c7d6af5b

SHA256
c2cd972fc864786c54801aa351eacdc97bca6976ceaa6c35ef802a8ea295e0de

SHA512
f4be29981f6b5f8a096bfc7cf72ddf5ae4f987b5b4d4fe32532fb0a4d3a8d51413a89a9924e6d61df14ab3d3b663aadf52ac4530d4feb2fc1e627855bef4b2bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
16c63bd5cc0b4da77c2d9e4dfab22668

SHA1
9559be2b6f867567add4c81e051029f054a75bc5

SHA256
d187ea6637bbefea1beeb3a97a2d5a36be312ddc1e67c45e6dc694a5d5e055d7

SHA512
16b166b129c6875acc11a9a5938394d2f5b6a4e2bbb26fd2910d7e326e7e2431e3f8d98ca1ce4bb282531d8f97a2884c66f7964df208121e344f7de1e54ba992

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\AlternateServices.txt

Filesize
1KB

MD5
5da9553b01d73b7ac937ce32bc79505f

SHA1
05927de88e85338ee7072a8de2c6d5fea770d160

SHA256
22d5ab0cc9ddc294723ab9c235106337a29f351a8f482d3f761d5597f54c60f5

SHA512
888ad62d6e7d1f733b2af661f2cce064629f6d80e078ac94656591b5534e632cb2bfdba73b4608a4ff345425bf5024cd95ab680a1b8662aea994b716734cb9bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\bookmarkbackups\bookmarks-2024-02-12_11_i2XdQch5SZGRq1T1f02dOA==.jsonlz4

Filesize
941B

MD5
2e8dedf1c9ff0f0ac11e917b0b182827

SHA1
6f7642ac1128ea3fd63694d2d47c257abbe3bb94

SHA256
4b312f5de0fb12a3b1da284338325b405290b51ed6e47872146bcc259fb11973

SHA512
956d969fb2b780b3b6800e0faf3ccccd566e69896549b8de13e17932039a10a47fdcb39f49429301405c23e597d59a90685c197243c3243bdeef0331010eee2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ced9f3f1b10f894eba838f6e2896072a

SHA1
44a83a0d367a623af9efc16a207226d38a559858

SHA256
fad8de221fefda1519877decd905d9ce202645a7d142cf57f9e65d5b5b5b0de9

SHA512
ef0d5ab7eb957def1f2c373142ac6fe1739d6fa338896d93b7bd43322b73217918c5cb99b0b8274d6c07fb025c65f1477f089e31b283dee9e6ba1a0fd9ae7ad2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\pending_pings\511ac976-8846-4f93-9a8d-17686865919a

Filesize
790B

MD5
2c9d79f6edc7aa80521916f3271c3d7c

SHA1
1c655b03496034309f799418aad8b888485a81fd

SHA256
798e31e5e2ad6f3a02d924c7bd38b04eb92a66ddb6791851f5398dc8c0eec966

SHA512
f1cae4e21a177e3f8b8ccc7eb505d99b0aaaa0901b3a8b7262ef00359d9a20ee876a23242b0643a3c878d9d352f4165cd5c39fff03b065de53d41c236ee4809e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\pending_pings\c457dbff-2fe0-4a7a-b96a-3366aa04c3c7

Filesize
12KB

MD5
6c23269b2ce6901471a7fe811019a365

SHA1
ee842841b6d3f5c12b87060d54f976276b10f17f

SHA256
43b27d684a5b439a47b3f13f51ea447d45077e57948254d30b818da933816a6c

SHA512
ca7adf523212b133c3c966bb7152656d298ecd8834d6d5da45a4276c97d55c8e7053a0c7c533b3153cbf7a999e672529262bf86273e97901e6a3d810ca385c53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
2.8MB

MD5
40d07c66b777ee5d8a76b097bb3f0e9a

SHA1
ce2f1747fa55b1f49be87b714de2d5160aa224d9

SHA256
9fbff0c7e1817d3554fde195972f80aeddfb6c2fc3441845ca5eb6e61016d1e9

SHA512
e8070ecafbc3ef4b2e9298befe510017ea27d4591e193a1bdc768144a3dc0b56caec0e685ebc6d75251548faaa8ab6857e60d7c27416eca2d7d617ae0539d33e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

Filesize
7KB

MD5
acda409cfe6c6a1a5f7321366a3cb301

SHA1
cfa913c2e21568f55b3f3afc999486f33bfc334b

SHA256
a48835b046c49534a52f4fc9add247e0d75bbbc88b01d1ae9d69895c787a7091

SHA512
03e4fca18b262ad302cf76499258245b1625ff70e76c2f40e6e94c519d371c11860b84e13e2e1a7e1a676c57229981dbe6a63a2d6239b246d94747f8d8d403c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

Filesize
7KB

MD5
8982d29439d8df388092805982db669c

SHA1
53f07544f3d4f9c49e6cbdc13972513e7fafe4b7

SHA256
df653d1d04e5e5ebe02df129c29794bc3336480933a12adb52c8d9b8d53a3625

SHA512
bfc41cb9156765679557891fba745627cd78257b6d5ae60c30cfa09687f065cba52ac1f72fdf48cdab085139e725bf490aca35dfed8ac3d15390c2b3c95ac9af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

Filesize
6KB

MD5
feddeee88643b1c1ce56d1457b6afc0a

SHA1
4f4da85eba07f4e0fabbe947f84f21f9c50ac822

SHA256
da7e435ade96279241b085705b855bd667efb6f74f8490af2430d68381024146

SHA512
c4466c5a348b42c90e5d0fb7c097f37ed5beab4a30cc5529483d59ff18f55d1a7c0af25c98657e936ebbf79f15561e427b207832c1110662c742e297c402a0d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

Filesize
6KB

MD5
7a329f51b53e6ecd866b2aeaa8466eb6

SHA1
803fc98d3215cd64018db42463c12a0ffa385eba

SHA256
8f9e644095f8d5941d16b060525eac8b9de4092ebf490dc531f3707ab99c93ac

SHA512
fa1defb9aa991598f1f7b535658073977318e40a9acb34a197643c6682d895033b4ec36644389e14a3fcaec1d3489a0c6f49c784ceb254456cf4293c6f6064d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
11b5d211684c332f5c8d8227057e042e

SHA1
0e30244c7e5ce44c336a0c94ff291c8cdbc4e9d7

SHA256
2d13db64a9439db01e6fc72fc7cec83ff933a9008924c91780bf257ab60f124a

SHA512
8384d85926f9436a8417a9df9c89e79815ae0d9e124312a9edc5170c8f8d2bde097677deae8b4c0584909c4d3937c99a2eb1ba42abe08a338da463e7fe53857c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
63e157b3e013d4a4dd5bc7f77cb3a664

SHA1
2283f1515450334a67945931eaf4be88b25ffeb5

SHA256
759befaad6e66b382d1fb420135fc9b35781db69370c365022e171b665f23ac5

SHA512
8b71653d5f2d6af88fa0bf5fa746d5e119d72c91324381dcadfce3c3aca725004ed2baacfb75f9f1475fec65ebc1e000760215a180c43cdc9f835755b36acbb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
72e15505b6721393ef70e1cbb8211063

SHA1
f5d248a65cff47fa5098eb94eee0dc33262c868b

SHA256
bafb963cfdd7b6db973261970b9123828e1ad561bc4f325599f748c7a3c9b148

SHA512
ddf8965eb1b8d3e8921662ecae744f84ffc5b28485da6ea3bdcce353460de33f839d003dcaf2a9e8ffaf6f30ff905c08672e892b79aba7c5e810b9a5062a4bda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
96221674d344e6fc913304ae88ca3c32

SHA1
1a98d43b622c7e64892fa3505bf4e3247cd9515d

SHA256
c1aeaea248db098701e58fdcb25025b8f9e9e1af161128aa86a36a2445a175a0

SHA512
290bc1f3bd0a7056044afd64add80f0add4d0baa0def6ca805716b83b0f1cad80b8cee25d69c96e6a75e6b865ad532ba1d05b72a4ef982f8061860eabb52fd0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\default\https+++oxy.st\idb\556220133rrae_su.sqlite

Filesize
48KB

MD5
821173eb54f9b2949542359fb91a9db6

SHA1
b7698bb7a634091bb981ed025c94f2da3a488f72

SHA256
68c49d4027f6e98ef3377e8921a51521d2af8ed518d5247742a154620a22f74f

SHA512
82601d824fdb465a13155a8f8a42e3b56986ce656b5de8996eb69c47295d2171da1cd17566788cb8c560a964e1ce3b03073dd3e29e1f4bcbc1e249f194a64548

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
19be8fda4eb91b2b3fd5175a0ac55679

SHA1
b6948b0497a2e6e5231b2cb2d87c91e0a7d21804

SHA256
d07b6f4e6a032b7ffdfee443424903627547707d4efd9d7ccf459e07288281de

SHA512
c79a662e79a0b8532a180f31925d09b85833d4da69f5f6614f0dabf8174579da12c63dc6774b32b8d858b450311f1fa3bf7b33936d52b44a354587f7cb63a210

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
d64bccf766362537dbf35c8cbd1280be

SHA1
28d92d0875cc71c6c4efff48bc2313b8bb52d657

SHA256
294dad9bccd240a8a0978e0ddef194068ecbce9b08496cf3ceb6372b41c445b1

SHA512
114581f15d5830a0e3332dca184c97cdab584ebd2b63093596e0efda14e9ad868f068db4de27a85b3a4587cfbd76f4ae7372f34394b8b997404546ae068cc78c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\targeting.snapshot.json

Filesize
4KB

MD5
2ccfab92ca3f24732ba5ced13178b646

SHA1
8f3f4e2b5b5586d58d6a0eb235e9c0c42df0f740

SHA256
2aa63d1f2d9d244327e562d0d27e909c5d4ef64ac0667dcfc4ab1d82bd48af08

SHA512
61a617b623b568c8ae71d628e3149da316c39976fa70886eaec578a934cf9d0ee1efdf65b770c9794540c3bd1cc368d04bc02100d921fa6dd74698b752fcd3ca

Download Submit