hxxps://oxy[.]st/d/EZGh

Analysis

max time kernel
1513s
max time network
1503s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
12/02/2024, 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oxy.st/d/EZGh

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-771046930-2949676035-3337286276-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1736	firefox.exe
Token: SeDebugPrivilege	1736	firefox.exe
Token: SeDebugPrivilege	1736	firefox.exe
Token: SeDebugPrivilege	1736	firefox.exe
Token: SeDebugPrivilege	1736	firefox.exe
Token: SeDebugPrivilege	1736	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1736	firefox.exe
1736	firefox.exe
1736	firefox.exe
1736	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1736	firefox.exe
1736	firefox.exe
1736	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1736	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 1736	3696	firefox.exe	77
PID 3696 wrote to memory of 1736	3696	firefox.exe	77
PID 3696 wrote to memory of 1736	3696	firefox.exe	77
PID 3696 wrote to memory of 1736	3696	firefox.exe	77
PID 3696 wrote to memory of 1736	3696	firefox.exe	77
PID 3696 wrote to memory of 1736	3696	firefox.exe	77
PID 3696 wrote to memory of 1736	3696	firefox.exe	77
PID 3696 wrote to memory of 1736	3696	firefox.exe	77
PID 3696 wrote to memory of 1736	3696	firefox.exe	77
PID 3696 wrote to memory of 1736	3696	firefox.exe	77
PID 3696 wrote to memory of 1736	3696	firefox.exe	77
PID 1736 wrote to memory of 252	1736	firefox.exe	78
PID 1736 wrote to memory of 252	1736	firefox.exe	78
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1056	1736	firefox.exe	79
PID 1736 wrote to memory of 1080	1736	firefox.exe	80
PID 1736 wrote to memory of 1080	1736	firefox.exe	80
PID 1736 wrote to memory of 1080	1736	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://oxy.st/d/EZGh"
1⤵
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://oxy.st/d/EZGh
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.0.2045079659\812213605" -parentBuildID 20221007134813 -prefsHandle 1760 -prefMapHandle 1748 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae56b401-245e-420f-a7a0-94f5a9c94bda} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 1852 20aff7cdb58 gpu
    3⤵
    PID:252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.1.594812974\255316258" -parentBuildID 20221007134813 -prefsHandle 2220 -prefMapHandle 2216 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00fc165a-2abc-456f-ad09-0904e762bdaf} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 2248 20aff2e3558 socket
    3⤵
    PID:1056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.2.1466559137\45002082" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3016 -prefsLen 21601 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {960be9f7-2695-4049-8323-87c8c04a02ec} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 3200 20a871ea558 tab
    3⤵
    PID:1080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.3.1057775069\1544905648" -childID 2 -isForBrowser -prefsHandle 3724 -prefMapHandle 3720 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91b6f4ed-cdbf-4600-b06a-67609a4c270e} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 3736 20a88240b58 tab
    3⤵
    PID:4656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.4.700859912\1679578012" -childID 3 -isForBrowser -prefsHandle 5092 -prefMapHandle 5040 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6f74dd5-c460-4056-a66d-a08c7136524a} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 5084 20a8a2ef858 tab
    3⤵
    PID:2316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.5.322453971\2141100176" -childID 4 -isForBrowser -prefsHandle 5116 -prefMapHandle 5316 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ed4aa8e-e245-4c21-a92d-158d05e9d065} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 5340 20a8a063b58 tab
    3⤵
    PID:3196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.6.1602398224\1527920139" -childID 5 -isForBrowser -prefsHandle 5500 -prefMapHandle 5316 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05b9afb7-9054-41f2-bb9d-3dddc1bc9df8} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 5584 20a89ca3658 tab
    3⤵
    PID:2732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.8.452036096\984768123" -childID 7 -isForBrowser -prefsHandle 5908 -prefMapHandle 5912 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e39dbed7-a6f2-4d6a-8c47-fc3727523849} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 5900 20a89ca3958 tab
    3⤵
    PID:2460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.7.1299908163\487805406" -childID 6 -isForBrowser -prefsHandle 5556 -prefMapHandle 5252 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04509e3d-2bf1-4d06-8595-14333e1eb12d} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 5704 20a89ca1b58 tab
    3⤵
    PID:1864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.9.1337231241\1703548579" -childID 8 -isForBrowser -prefsHandle 10096 -prefMapHandle 10100 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41a97108-df9f-4412-b9fa-73f2f384c8b1} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 5196 20a8a6f6458 tab
    3⤵
    PID:632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.10.1192194094\504100648" -childID 9 -isForBrowser -prefsHandle 5100 -prefMapHandle 5516 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b3a3340-8ed5-475d-ab3c-85899c1b41e5} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 10008 20a8b52ee58 tab
    3⤵
    PID:3176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.11.1337674458\210004248" -childID 10 -isForBrowser -prefsHandle 1612 -prefMapHandle 5160 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7df0a659-40ec-4c72-89d1-b6e0660342c0} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 1600 20a8b4d5258 tab
    3⤵
    PID:2692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.12.1203989973\1472063163" -childID 11 -isForBrowser -prefsHandle 9888 -prefMapHandle 9884 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd90fc52-cd7d-4e4f-80fe-ab20f358d40a} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 9900 20a880d6958 tab
    3⤵
    PID:2936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.15.1487880264\885567615" -childID 14 -isForBrowser -prefsHandle 9396 -prefMapHandle 9392 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e07aeeb-6805-4f8b-860c-1a2f6b89ebd9} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 9404 20a880d2c58 tab
    3⤵
    PID:4304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.14.556350489\137776820" -childID 13 -isForBrowser -prefsHandle 9588 -prefMapHandle 9584 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {deba7193-3883-4e9d-9655-b6efc3cc1bc1} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 9596 20a880d2658 tab
    3⤵
    PID:928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.13.1623794775\1389811701" -childID 12 -isForBrowser -prefsHandle 9720 -prefMapHandle 9700 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b4c25bf-f202-4deb-a82f-5cf17b9ea6b5} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 9732 20a880d3858 tab
    3⤵
    PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\cache2\doomed\15778

Filesize
10KB

MD5
f2a7a4e7c1e6718789fadb42d4a7bfaf

SHA1
2a8278be46dd8e5d7df861a0cb64926f84d59fa3

SHA256
6c0714955f9d11e4de558bd3641fd36c8d72c5a8fb33360438a82e3caf73e2ec

SHA512
a541d37befdbda6370876ca92abdc0a23389aaa8a8c5ae87b81fe07b3df76a1bace3b73728c0cf32118677fe3cf8118dedc992434252ea58ee21da4e9f09385b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\cache2\doomed\32483

Filesize
10KB

MD5
e30ec411c37bc5f1d8f18b5252bb53dc

SHA1
8df437bf98d2a03f91754478b3b6d97688903148

SHA256
f702a5f41e69b9cd181a4d1a55af63e13bcb85b6454e2cb074784c271a18d9c3

SHA512
33882f9d8a39feea2d362b0a51c382e0720bf2a85ab1ca974e1c45dd177962c28db9364bf1652ed4091a865908e5c9481ce1dd8cc1a0c2f5a4282cdf2f326186

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\cache2\entries\13EFA2A0AEBD2083A85C899358878A2DC2AD7C54

Filesize
41KB

MD5
8dc8798af45489e441d80399edb6d1ed

SHA1
c5071ae096a19d0a5f648ba67c6f46fd3d211be5

SHA256
f2533d94367c63c2b49356649d81441a1dfaca6dcf59698e32b0c2e6de9aac25

SHA512
f5aac660ce69ab0b18233339efbb9059b233a3e0649f12e7c302231b6661d123033915e58b338ab4778ebee02cd0e2e6bc64fc0aa684f829f780e41a25f3eed9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
2.1MB

MD5
ac979dc27d307e986b9a1600b203eccf

SHA1
a62ef908b8ecf2822be5ea60559e093874f06a26

SHA256
b2bd8ecf0415f43b596d6eafb1f2f7a0a7d520e7c2ba09c8d98ab22ef23cf1ab

SHA512
9b90a70f22b5edffa22badd2ba1db3671335554be37f902dd65b74630be018ac7dbf44b02e39f64573f5434f6b801be616ae5d5169a5796cdd21dfd8102368d1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
abb57fccb667c2568bffdb226a9125d9

SHA1
8a37478843cf614ad528525d0b7a3441163529a8

SHA256
fbed5df16c91a2a8bfe3a058d8ff6966ec585bc94f96fad75cd389d1c59266f1

SHA512
7fac8d465e51fdbd71b049a48f99ae01e85f3ab10b601029ef6312d910ad4cab2863e79e95a0bf95e4a3be311a96f976612017a61bd2b77d0dddaf8a9d3b7e93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\AlternateServices.txt

Filesize
1KB

MD5
4665aea3986e2eb34619f94136a2810f

SHA1
75bc0d0894253cd112cbbf51a5fdf07580da6c36

SHA256
8507b15a8a7cf9ce20334035f7e4b1d4fd96b9780de88afac3421c475c662717

SHA512
4c8729f99c7d63c24b234f46f99f82c4ffc50e7559b5767b70f59cc73d490d0a348d457819368a3db2542cc4f2b5b983442d7789cb88a26fe852252aa755cccc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\bookmarkbackups\bookmarks-2024-02-12_11_HgFlumBjpLvxDj3xQROsFw==.jsonlz4

Filesize
950B

MD5
bf6aca9fd69edf72055092da20679bdf

SHA1
9c7cb940e0745d189b2ca74869133f751669c9bb

SHA256
3e7cd6bd484b1d80060d2ebbe1f271c4ef01c82d85250f4aafabc1c3ded63e39

SHA512
89332479ed13e0d556b621c8ea6b8912ab0f75643e0f47c436e58f786a95918e017cfe9ee4e618e40b3a1ef21fc07e534eedb707bf3fa4a9e4fbb6b5e44a18b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
eafce800f7ccf0c708f13033e4d575a0

SHA1
4bb9292d5565209b2a7995d5efcc9a33e0cf58a4

SHA256
bdd4c2d51a8a62ec8c7b9a7e176f38d4529e185709ca76a7271641274254fca7

SHA512
1e103f2cfe089c86743da53c5584ad8e6663cc3fb7e4f8e6b37dda1b9ef0cc60582cf14ffda266b3b9a3af4aab1cbbb94963d0871d7ecaff27c21cf200d69f3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\datareporting\glean\pending_pings\1ceb254d-c773-4122-910b-320a839553ba

Filesize
11KB

MD5
be64d6513af872cbc022bc72eb50a4bf

SHA1
81ed1d9e08022faf948f62e1414300eb870a794a

SHA256
b77efca9e0d050c4384509f3b7d59b6a9741f382f0fe9f119d6e672a10bf1b88

SHA512
112c9371434ec3acba7554f820272acc71bdfaa8d747a4ffc3c19708d9311643abd4cc2df442c924153c45a53bb5a8e3c158799631fb211a324d310a8c3111ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\datareporting\glean\pending_pings\38a6736f-5263-4a3c-a77b-94db03fb77e8

Filesize
746B

MD5
8a462d552d503705c873ab0ff1451bf2

SHA1
b5c560e22ace1ed8470ff1d59acb4a991c6ceeda

SHA256
748dca50a714879e141cc681f7521ed5046a81403bba20f650c236d42a89d582

SHA512
5b97b4e9b41bd783afa5cac1763a6845f40abcc01f35fe8280141f04b51da32141404e1555bc620e1d36abb9638a3ff4c3bca779d6d89c3d8296eb9c63fe9811

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
2.4MB

MD5
ca5a1aacfa2aa450dbd18c12cb933961

SHA1
833c8f942e4b27d9973b2be35d3ceaa991c27915

SHA256
6ed6f305cee38090aeb8d86d1d6b647a193f3b1c3f18da624f52bd02f919a1fe

SHA512
3fa1f1446eac99d93b9dcd2a2ccc2c44221c6a064c270da0f6ee1f38b491085b1319b7c3031e2c320c5907a05843771d174f305bb1d8fb1ed8e89251d066b1d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\prefs-1.js

Filesize
6KB

MD5
b010d1c59ca4f082ae0713253b256891

SHA1
a4ee2c94eb7c0066e0264eddfcc98aedf7ef5f4a

SHA256
455a7a4634b7e68ce826137b3c3880f25b24a791525055502bed3e52f97d5d93

SHA512
e08fdf53fde4cc92c25f026002cd172307f3c2ad581f16acf39e6b81c0ca94748dde7b7ab8c782026b094f6e400a78d59e8fd39344c173271198e24297f00e70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\prefs-1.js

Filesize
7KB

MD5
bd1d39592be99b852c71634d94663e18

SHA1
17e6a24c863ff44773359dfc7f3c736a4907ab60

SHA256
be578b57a0cef32912d872887c3eb4ef273d6a2c562e5d0b85c1a80f5b052bc3

SHA512
f39171c64efe9668bc3711e55a2981991ca3546a4b1860954c27849484abab9e3d2168bfd221c478f5138c6ddd83e9e2d2b9fc7d380a57d60338b3ccbacbd182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\prefs-1.js

Filesize
6KB

MD5
a29f2b2b722d9c48e541c3ba3492a377

SHA1
2e4e56a9f5ba4638e0680541540c4b730c96270c

SHA256
d8c1ccc5ed3dd9b569a2b9dca166b568bb4a241b779b6b503a51abf9d1fc964d

SHA512
778d9fc45d68a8cf52b817b31a731d6e6917135677c2943332fb4cf696b5bcaf967495c1afca76b2a8cc0028bd305a9c0a5cb271bf2f34c68363d0544f2ff92b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\prefs-1.js

Filesize
7KB

MD5
e55d664fd91f6285aa7cc168cdb77ccf

SHA1
b13bd4ae114bc8de8067a9b407cc826b002b64b2

SHA256
45974a0897cf04dcf839b2650ebb42b0588d0d6246a57470a3fc23fb26cddd1e

SHA512
db29a23d7dfcb3d6d7298015bf987aea9c9c89d0b67c7eab7d98a106736f98b31ddceb091b88369f03a283ed3b28c5805498ed84ac6ebdbe92106c0a07457b08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\prefs.js

Filesize
6KB

MD5
262abe1ced242cb86d94142d643d2c6a

SHA1
cb76c6c1cfe473c0bcd15fac15a950e003afb005

SHA256
6cbe27603de1963e344410372add9ebca731f2a5e36ac5bd23faec90af143213

SHA512
1009677f9d6fb8ee5559382e2170d1d9b419294671af3d993d41f95d9729bec00ab747a2e63643a513fa4e821f8375ce2d83370bb45f2356f4137e402729045b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\prefs.js

Filesize
7KB

MD5
009a57ccc3b7231e9169316b5ff48c28

SHA1
8ea1d2654b8b5518a2bd9c8cdcb355bd68fac614

SHA256
dd6419242905ef45e7bbdb6caef66972b0dd942e65f1a86d3811e0a95a130d7a

SHA512
aca9d1cc31bf30d671bb857f9aa3d70ebe5a023c749614fbc30a8b335066a038a42911ce835475b856654f80902ad50dda9e7ed869128ea391dee0f4d23a469d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
17de0dfcbf591d5559d24fcd0afa9f63

SHA1
884f71366cba0f8f45a7699f666d0078d7c82d33

SHA256
021bee69c5018b07b3e621fe1eef59341342e5b805e1c1795727da0e0fe3693d

SHA512
5d9aec85eea4df2214f88f4df5a63593d10e9f0e8a22bce6a02dc0fb03884beab95d9e83d8aa3b6394480b5172502841dab759e28f749a15aaf1848f3f2fc211

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
7547e6a845e1ef98a8354005284945a9

SHA1
db6b09efcf7e0bf9035227e1df618ea9196f9768

SHA256
de06adc7a79a5a6a77f9481af1e787948ed17a92d35c448aa780442b9f746dcd

SHA512
99d6bb7d0ff7baa3275255a425855d4baf13c880749e8ac6bd438a28b7a61e3a8da592b2b90f302a081b4c4e00dc29a4debfd1d83c332ca00444b760f77bdd4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
036b5c5b45c6501c43297316eb940520

SHA1
4c1ce4c7d15ad123c126612c025b67f2313b4a3d

SHA256
b390469e67c58045559746175a7bd0f7a474506ad8343ac50513f46cf733a5a0

SHA512
7365c725e07f7addef04c2536c8d15c5f19061ac8055f48da877128b6094f1225435682f5097f1af64c3295eaaecd143fe85a17d796c1d764b9636d93178574a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\storage\default\https+++oxy.st\idb\556220133rrae_su.sqlite

Filesize
48KB

MD5
895c764d923500d61dd2155b00043088

SHA1
1ed406c20bb675c9416d3e93925603783481d8b2

SHA256
567506a0f2d918d6c29e8fde63ce1943a8a4678b1586fed82ba0fdc18fcf00c1

SHA512
dbc470eff3478a58f6a7e2411b9a6f240e4ac042cbbf84efb7a99117b15de041015a6d54000587cf14fa55ceab4f87f47263a43278601706990bf42ab055e4c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
405a07e6fe72f88635472390f4d61e52

SHA1
a8707ef186a9dd55e5a572028f9b00b22df8d91d

SHA256
1a4befe4559742e71feec1ac8e6c5a46e96bea59a323cc65f1928b3766df1d96

SHA512
4f966a446f6898eddeffb4ccd9f7624942a12065d917863bd8893a476fb0aa95772100b0ba0105a76292d6c5cdcbbcbaae1a4de033842a65e349400fdc66bdff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\targeting.snapshot.json

Filesize
3KB

MD5
da69834742c998e31021da82c8355b5f

SHA1
e6d3d377a23f29f5aff3e4cac95070353a50d268

SHA256
3f80bd096916fa3585f12b736205499b6a238852b24d35f8c2f91b028c89d091

SHA512
0f001eb7df215fb2753774e03a65887715aeb702e6513aa72daf8438fe9ef2b4f69576f7f44ea37cb6eb5bf516c708f5b395fd063d768e661f6166e136b7192d

Download Submit