hxxps://oxy[.]st/d/YcHh

Analysis

max time kernel
1561s
max time network
1675s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oxy.st/d/YcHh

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1912	firefox.exe
Token: SeDebugPrivilege	1912	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1912	firefox.exe
1912	firefox.exe
1912	firefox.exe
1912	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1912	firefox.exe
1912	firefox.exe
1912	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 1912	1784	firefox.exe	11
PID 1784 wrote to memory of 1912	1784	firefox.exe	11
PID 1784 wrote to memory of 1912	1784	firefox.exe	11
PID 1784 wrote to memory of 1912	1784	firefox.exe	11
PID 1784 wrote to memory of 1912	1784	firefox.exe	11
PID 1784 wrote to memory of 1912	1784	firefox.exe	11
PID 1784 wrote to memory of 1912	1784	firefox.exe	11
PID 1784 wrote to memory of 1912	1784	firefox.exe	11
PID 1784 wrote to memory of 1912	1784	firefox.exe	11
PID 1784 wrote to memory of 1912	1784	firefox.exe	11
PID 1784 wrote to memory of 1912	1784	firefox.exe	11
PID 1784 wrote to memory of 1912	1784	firefox.exe	11
PID 1912 wrote to memory of 2892	1912	firefox.exe	29
PID 1912 wrote to memory of 2892	1912	firefox.exe	29
PID 1912 wrote to memory of 2892	1912	firefox.exe	29
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2780	1912	firefox.exe	30
PID 1912 wrote to memory of 2856	1912	firefox.exe	31
PID 1912 wrote to memory of 2856	1912	firefox.exe	31
PID 1912 wrote to memory of 2856	1912	firefox.exe	31
PID 1912 wrote to memory of 2856	1912	firefox.exe	31
PID 1912 wrote to memory of 2856	1912	firefox.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://oxy.st/d/YcHh"
1⤵
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://oxy.st/d/YcHh
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.0.456561002\120915425" -parentBuildID 20221007134813 -prefsHandle 1204 -prefMapHandle 1184 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba1dbb01-1c0f-45b4-b696-025ec500a0a2} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 1280 124d5e58 gpu
    3⤵
    PID:2892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.1.1057785679\1859774888" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7ae3a8e-c3ed-4945-bf2a-0f5f4ff0dc20} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 1496 115f9258 socket
    3⤵
    PID:2780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.2.1346616948\1848199109" -childID 1 -isForBrowser -prefsHandle 2112 -prefMapHandle 2108 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87f6c66-ea29-40c3-b548-b900b838f66a} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 2124 1245c958 tab
    3⤵
    PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.3.1566446472\974259325" -childID 2 -isForBrowser -prefsHandle 2552 -prefMapHandle 2548 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f14efd5f-8425-4440-892b-3754839b1270} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 2524 e62e58 tab
    3⤵
    PID:2016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.4.367176202\553537039" -childID 3 -isForBrowser -prefsHandle 3644 -prefMapHandle 3828 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7198025-80ff-4ece-aa09-c9cd63304e18} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 3832 2053d458 tab
    3⤵
    PID:1656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.5.1438482598\1820361248" -childID 4 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c37606ef-4538-439f-ba58-b76a3a49e96f} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 3856 2053f558 tab
    3⤵
    PID:2488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.6.854801248\904857179" -childID 5 -isForBrowser -prefsHandle 1108 -prefMapHandle 1104 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53b8aeab-0b52-4a3e-8b27-f6c410805d61} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 3192 124d5558 tab
    3⤵
    PID:1532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.7.1871482482\688407142" -childID 6 -isForBrowser -prefsHandle 3976 -prefMapHandle 3840 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd1e3f60-a82d-4123-876a-3abc9ec6371d} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 4552 2053fb58 tab
    3⤵
    PID:2276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.8.131975349\1418631856" -childID 7 -isForBrowser -prefsHandle 8476 -prefMapHandle 8472 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdcdadce-957a-40f2-84cf-0ea5e0f0367f} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 8488 20a9e458 tab
    3⤵
    PID:1208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.9.1829670085\1733045687" -childID 8 -isForBrowser -prefsHandle 4028 -prefMapHandle 3948 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad2032e7-645c-4ba2-a8d2-398ae779ff18} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 4332 215a1358 tab
    3⤵
    PID:1396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.10.1734875256\355779344" -childID 9 -isForBrowser -prefsHandle 8432 -prefMapHandle 8436 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2951eef8-4852-4783-8545-3eaf5813cff8} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 8420 215a2b58 tab
    3⤵
    PID:2344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.11.455192466\1849877255" -childID 10 -isForBrowser -prefsHandle 3764 -prefMapHandle 3920 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24a9d895-34ca-4b6b-b955-7b025cf36fd7} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 8392 2053ec58 tab
    3⤵
    PID:2540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.12.1302145835\2094501137" -childID 11 -isForBrowser -prefsHandle 4456 -prefMapHandle 4452 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b18d914f-996e-4695-8bdc-f6ba1d7d888a} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 4468 2159f258 tab
    3⤵
    PID:1732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.13.1248155283\1437907452" -childID 12 -isForBrowser -prefsHandle 4428 -prefMapHandle 1960 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d836deb7-69a1-4cfa-8ce5-96deb23bc109} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 1900 215a1658 tab
    3⤵
    PID:332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.14.1161264571\1248337905" -childID 13 -isForBrowser -prefsHandle 8132 -prefMapHandle 8128 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {001bea54-9619-48b8-a21d-33a3fe158a83} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 4452 219d8058 tab
    3⤵
    PID:3212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.15.626150731\146688110" -childID 14 -isForBrowser -prefsHandle 7952 -prefMapHandle 7944 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3222f344-7208-4ec8-b6c8-4798b4d38f80} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 8132 220d7a58 tab
    3⤵
    PID:3452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.16.1120283381\1092129520" -childID 15 -isForBrowser -prefsHandle 7824 -prefMapHandle 7820 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85b89be9-7c99-4cba-beb9-5704ba62b7cb} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 7836 220d8358 tab
    3⤵
    PID:3460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.17.19119640\975095314" -childID 16 -isForBrowser -prefsHandle 7640 -prefMapHandle 7636 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6314e1be-1873-4351-953f-d663d12be6cd} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 7652 220d9858 tab
    3⤵
    PID:3496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\doomed\15901

Filesize
8KB

MD5
c442a5644f2c4d9b64132c24a03f536e

SHA1
c9c283b2e271f3fd870c3464613a1bd182c677c9

SHA256
088cebeea2b327bd45a4860f5bfec4aaacde4c9ffba01cc804ffdb5af4758940

SHA512
43f3f4128e37fd303db570502b168dc68e4e7bdb2205293d8c95915c5891ac05fcd2e87a29ced1cb2b7ae88afc0cd53a6180530c6058ef98c1ba9cf7b611e2ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\doomed\2056

Filesize
22KB

MD5
39e9eba6a0822736838a793c773d41b4

SHA1
7534165dccacbccf0cea9108979170c3795ee39e

SHA256
43d84b957771b8e15abec2bf8ab6136732cf3e869b4e452bcb80e31c573deddc

SHA512
ad5ee1070f7ec35677084149ad487d1e2b23563bca0a8995a065e778a8bcd4fe0574a6c2a18c7e44999fac74e041de401c0abe0a28592300ca4471be3296db5a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\doomed\30100

Filesize
8KB

MD5
195282dc71ca2390b8d89446a60f987a

SHA1
ae3389a40cab185d8acff83e6b940fd4ab00cab8

SHA256
2eacf0e6cf69ab2808eb905b04bab69e627192c6658c208efce07fd2d4c29d93

SHA512
5c1ae9854339212d078be32e2d22c630c9307547e18feabcf2cefd7b576404aad621ae82cbcc8dac576dcdd37ad6a5530e61d2cb33dccc3bf5ceb62d177bdac8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\doomed\9465

Filesize
10KB

MD5
9b635fc9810c7baafa8c2825b8af9de0

SHA1
38f4e02077f1bef6b9265964c00faab83f503267

SHA256
0f4c5794f8f5be1bbe8d058c0c6c2e069f0a1dc6ccb7e3c3555cbff21196f75e

SHA512
de4385d168480f837a684058874eab81848a30deb544ad47338155a0158324026b2d814d9a6fd8146b8ae605e7bcfa0db44d396c0ce36652ad0fbd5415022ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Filesize
3.2MB

MD5
c62fa839f292cdc5f8f5ea0a3046eb46

SHA1
1cc23250dee26bcf0dceaa4f29105b20f2bad692

SHA256
7455acfc1b67a788270ff72bc557b3fe1cd8a9178ddc50b1f97ff595beabd873

SHA512
2316a3778eaad2f94294e8fcda1ceea7717832bc290afa5289772513aea449be982e86092e5e31692150a063c6060f84cf96c5b5281395b560074adb69219d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
802c06b8dc5600ecee9bc7826337eb16

SHA1
b238e9e2ae84b79b7ad20860caaba29463ebed3a

SHA256
1b47dc7bbb5a5463a750ff28983a267bdfc3af78bf7c7d058190d993b2c6ba80

SHA512
f69e35e04d097030e0c83ef4ca71ef91961c85f75b4f3a14f935500aaf19c8ca6f3370289892e058d4f8e21f73b859db8c7d5133a77e4eb3421b80bad64e530d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\AlternateServices.txt

Filesize
1KB

MD5
08437ffc6a792e49fcefdb90073da908

SHA1
08a2e96acf7a7605e09127d584d2fcfb5693152c

SHA256
e13e0cbc596ded65cc73339bcf3712d962d248631763878c2540add27fd4afc3

SHA512
755fb13e410d0201705a034cd643f55c2f2760683dfbf11f43fea805cb7ff0aa46849c58bbb9eb42f99337d040de02a6e1017a3c83773a0dfe73749fdd5dfb13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
0018f279a542c36c2383cc3a40123b74

SHA1
3ed12fb835604defbc77dd5e5742d7cbca09565f

SHA256
d5d84d2e6a7f4817efe5ccaf036da3e05c09ed29b91d47f2b29d5cacec982006

SHA512
60162702825911a05c631afbe72a8e81ed81e10fb26240aa517f0e43c638987742308460142b9d3f85cd0945bc3d8a381f0151fe5d2bf74f9eaff59a1e1b46ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\bookmarkbackups\bookmarks-2024-02-12_11_s4nnB3eHCdQa3LANwYUc0g==.jsonlz4

Filesize
943B

MD5
f08b93ba2eac89f86a546561c0c3cfb3

SHA1
8145eb25c44625d5777a9069f8de54c937711674

SHA256
71f1ddc5d69abc71a1fe75ef3e983c6298d961c0740cd7b26d025cb04a6b9f46

SHA512
0a2bfb9a9d46ac265c0290f5a9caa9605a5fcb2deeb9ceea5ea371d7fbe2b52a53ff55490d9c90853a664615998834040349e5ee86ad10a9ef9fa7e0d447daee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
8c14a48c09e09cb1ad81ecd7c26ec881

SHA1
354bab4c93d22c0cd0d4b90d894757543942da10

SHA256
8f48f87d56b263b7261cdd0109100dadf165ca6f9dc2142f2997db447ceb1a5f

SHA512
c2751c0ed0c3791f8f12eebcdea986d179039935a65e034bde8c4cb53df41b6bf694e73969f60caca54b6f28c599d2746a247f078484892ab080fe5845d720ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\e7bfe635-178a-4828-98c7-a50f8a9ff847

Filesize
10KB

MD5
162c9a13aa5ffe4270ed37259b244e6c

SHA1
bf574c88564f31dd3ee1e1d50c661f7ecbaa19a1

SHA256
16b73898282b8ff83bf1eaebf63aa55cbec0fe50a068c0ceff6fd9503e686b18

SHA512
829f91f9854cc5caefbee9a5b3ab4c5bf50361ec8e4be27afa2ed265f0a2b565be143331a65d27342d775573577c17213034b3432dfa553f6b49be120d9ef819

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\ed03fb08-988f-42de-80eb-bc9a3885103e

Filesize
745B

MD5
61b8a9dbe8973a8f29e075dab45932c5

SHA1
2eb0a7d557bd3907e291c4f9d69f1c8e0d73faf8

SHA256
e5dc7b069e6de93d2cf007de7f88c3ae8b0181b931ddf51f27dc038accb1473f

SHA512
6205cabf5e424c1fcbd844d2a99ff1bba17a74010c124e63964b4091f8c782ade37f20ffd8b05a2af0c6581a1d2f04088a7cb6e1b13334fc2b2881c9a1ed2721

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

Filesize
6KB

MD5
191361e769fcf0940df1e3beb3e79b2b

SHA1
77654a44f1c238d923d22ef18e3ddb9e69779d76

SHA256
5f0a813ab4fd694c1f8d1cdd9c7654d6b390421414bb9820040b4897ecfd1d8d

SHA512
f132c795d4ff526f1bdace531bf225142d6d4f22f9be34bb9d7675ba0533160532f79ceb2df38bec252a0bb96035b861491e3b1934ea28b86589b1c601f886f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

Filesize
7KB

MD5
d450296130293f4c27e2cf2a54a293e3

SHA1
70c248ec40169672f726396bcd44099e046df2f0

SHA256
26e4039c9b209b637bbf3af6d1ad369a2647d6255a0684c88d7d5a9c13765f79

SHA512
1078c824477175db19b51ff84023a70d9f09de604c601932679ec6711304eb4301b722d6959c406ffe326fcef8cb7879f3bf8daa8e19584d6928a4f5a542a503

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

Filesize
6KB

MD5
8e5cc264d48da5f16853710887197ed7

SHA1
3e7e60d999daf20cbf9a176410f1ab240a997240

SHA256
ae6c1e10c37f2d1aca4f49d8045836c763897484a0aac23b264877ce3f1a7cf7

SHA512
bde07e0d441e279913be8bb2b52098301877fb420c7eb0f59f0105590691175c61b896c09c82b57d1d0260b810037a490c10c514e2de1302704e42beb3f99611

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

Filesize
6KB

MD5
a41c802c78a23bb8fc6da0450a13875d

SHA1
a59279e2221a675d745cae5034be9fa6506fbd52

SHA256
3bf0e6cea3ae7f69d7aaaf1cc05de6c59fb0e5607d686b1035df5e2701c9caf2

SHA512
90754c90669466c90c2284840ba67d1b3984e84956730b3852ab7a4fffa1487594ebd641a70727783d0aaddb0d5c8d57a4509e0e8293559abb44631b544cdfed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

Filesize
6KB

MD5
d968529f2db1004a81b74455adacfb6e

SHA1
bb02d4d46ed882f656e5e393c6e704fa1eb25e93

SHA256
fe008ae7d2cebf9f4779fe865b946f352b9d8aa8bdc9f93d0c12717085ab9c25

SHA512
9b0fcedea3f3945f0d8c4b5f5d4167be34c616e69699642a97e0c6b7f39cc933332e2035cf8d6f6112684bbb93fc268e03e7dae1035dd06077b462ac949162a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
c60878390de9e37bd7d66e4eba281132

SHA1
0a2c612e01cd0719fe40b626e85d301e97c8ab71

SHA256
a5d5d2919021cd39f9c2192636854f80ea6069cd9b744690287d200a105ff923

SHA512
797c7b345ea998c02e7cc90bb82ec4417dd18d8b65f6cdf8e0dc783309cc344357bc193ead62ef12e17cfe1a968fe48a4b6714c9f1c26e5663e7b1ee4f0e5980

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
e953b9b0c94a4e23975c161d642b9d95

SHA1
d631e51e47b897d1431844a00bbfef4aebb32b04

SHA256
ae438ee221c8b1a52687488a7a13738a51fc042b0f625834adf63fd34ac1e8ef

SHA512
7cec4a926bb5919acfef8a11cb0706438a40bd16de98ef20e396939f25fe5d084267f2f5b662ed4406400f74f04058ac5f3f47e9fce3cae8f3aaaffb80913206

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
7787fcdbed8e3f0415957c16f87f3fe5

SHA1
5ba469b53819dbd93ac6bf8c93f9b851ee6a9e90

SHA256
a1b9e547d37da3def970865b8da2ba1989e2cddc88a1db617c60169ff1af0ba5

SHA512
7c8c0488bd8a8de5db05d1b359fad4408284f219f06cd30dbadb0e0784f80087ad390874754b2ab3dcc09ee7d39b997d62599278593c54a1fb78d9da7ff1fabe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++oxy.st\idb\4219944671rlaa_rgeen.sqlite

Filesize
48KB

MD5
4add4d80a47ae6a4a5efa5a7dd88e763

SHA1
88324470574c7d0395d4d9a9d349d41082b26b88

SHA256
5d6edf42b97596840364c3902b505bc86f6d976e63f2dc653d982f2591f22ab3

SHA512
b38c11c173e768d4085cc7447081b466c493bf8c4221b2e665a797c9c6dfaf9d4152d371468f78b475b86e6808b79d19279fc73b8ec9133b0c28a2a73bd74d5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
dde035f9541af39ea6e900f59053a376

SHA1
5adc68718732a531f4b60e0168319d47fba0b228

SHA256
071f1cc5c86f51b27ddb7cf13fdc742eaf4f67b518d1f7b595086f038457b175

SHA512
72f56215f581293d0bc0ea9286993f87f35c09b48a57770bac3f765f98421fe4ccd9de2e6d88a1a356170321c4a0f83703879e501013be2f41de521b7bc9bd29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e51eda7108584002236f977eb9bd8f19

SHA1
178acf6e9a55c32a2330762c22f1d69c9980355d

SHA256
4039b24854badf5b8cd769f2bd7d0a9926e900885fde5e0c4b02755920e8e73b

SHA512
cfa8af9456cf336ef635f2a85b067842cead74c55ec474e76ffd21b81a2cf5ab018ae811e74f47edf55ca3afc3cdca2a114adb39cc9b3ceb9c31e31f21be24ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\targeting.snapshot.json

Filesize
3KB

MD5
92c0ab36c5185ae453fdb9e6b7598709

SHA1
a427935fd0e058b9067195d1dccd951c1b067a7a

SHA256
29377a365b7c3963ea7ab0ba358766f21a6de697a5d668555c3437ccb18c611d

SHA512
10dba1d7c3735e6f70b28b44ce10cbf6b0dfbba8d6fe682675e243d842f5505a87742b4d443bfe5af001cee3d156b66846f7ae8dfe371d099b30b651fdc254d3

Download Submit