hxxps://oxy[.]st/d/YcHh

Analysis

max time kernel
1514s
max time network
1616s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
12/02/2024, 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oxy.st/d/YcHh

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	192	firefox.exe
Token: SeDebugPrivilege	192	firefox.exe
Token: SeDebugPrivilege	192	firefox.exe
Token: SeDebugPrivilege	192	firefox.exe
Token: SeDebugPrivilege	192	firefox.exe
Token: SeDebugPrivilege	192	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
192	firefox.exe
192	firefox.exe
192	firefox.exe
192	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
192	firefox.exe
192	firefox.exe
192	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
192	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 332 wrote to memory of 192	332	firefox.exe	73
PID 332 wrote to memory of 192	332	firefox.exe	73
PID 332 wrote to memory of 192	332	firefox.exe	73
PID 332 wrote to memory of 192	332	firefox.exe	73
PID 332 wrote to memory of 192	332	firefox.exe	73
PID 332 wrote to memory of 192	332	firefox.exe	73
PID 332 wrote to memory of 192	332	firefox.exe	73
PID 332 wrote to memory of 192	332	firefox.exe	73
PID 332 wrote to memory of 192	332	firefox.exe	73
PID 332 wrote to memory of 192	332	firefox.exe	73
PID 332 wrote to memory of 192	332	firefox.exe	73
PID 192 wrote to memory of 704	192	firefox.exe	74
PID 192 wrote to memory of 704	192	firefox.exe	74
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 796	192	firefox.exe	75
PID 192 wrote to memory of 2668	192	firefox.exe	76
PID 192 wrote to memory of 2668	192	firefox.exe	76
PID 192 wrote to memory of 2668	192	firefox.exe	76

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://oxy.st/d/YcHh"
1⤵
- Suspicious use of WriteProcessMemory
PID:332
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://oxy.st/d/YcHh
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.0.424232434\1298479575" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1696 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aed24b56-2eb5-477b-9d47-52d53cf8ba00} 192 "\\.\pipe\gecko-crash-server-pipe.192" 1800 1ff11df5158 gpu
    3⤵
    PID:704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.1.1875409487\736850339" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a06fa3dc-9e1b-42a8-9c88-becff74d515d} 192 "\\.\pipe\gecko-crash-server-pipe.192" 2172 1ff11d03558 socket
    3⤵
    PID:796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.2.40361679\1767334383" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2876 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0701e1de-b31f-4293-a330-d20add4fa915} 192 "\\.\pipe\gecko-crash-server-pipe.192" 2912 1ff11d5ea58 tab
    3⤵
    PID:2668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.3.59104428\1560706088" -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74971ebf-3149-42f2-b83f-5342c8a25551} 192 "\\.\pipe\gecko-crash-server-pipe.192" 3632 1ff06b61f58 tab
    3⤵
    PID:4740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.4.82594182\2037577977" -childID 3 -isForBrowser -prefsHandle 4968 -prefMapHandle 4944 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be32f04c-2af5-427f-89e0-52dc9bb4d6f6} 192 "\\.\pipe\gecko-crash-server-pipe.192" 4976 1ff18e49c58 tab
    3⤵
    PID:4196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.5.45468352\1228541934" -childID 4 -isForBrowser -prefsHandle 5240 -prefMapHandle 4968 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab433111-01e0-47c1-b749-99b4787664c6} 192 "\\.\pipe\gecko-crash-server-pipe.192" 5260 1ff06b5f858 tab
    3⤵
    PID:3656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.8.219986820\1193366757" -childID 7 -isForBrowser -prefsHandle 5604 -prefMapHandle 5516 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64050de1-bc49-4ec6-87f2-402104b7762a} 192 "\\.\pipe\gecko-crash-server-pipe.192" 4996 1ff19265558 tab
    3⤵
    PID:4576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.7.507793209\434817587" -childID 6 -isForBrowser -prefsHandle 5516 -prefMapHandle 5512 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11ec652c-e343-4ec5-bd62-b02a45a0124b} 192 "\\.\pipe\gecko-crash-server-pipe.192" 5064 1ff1a52ab58 tab
    3⤵
    PID:2436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.6.1042592696\1142315767" -childID 5 -isForBrowser -prefsHandle 4972 -prefMapHandle 4996 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8d6ff03-8158-4cf8-8392-013bc43d1c36} 192 "\\.\pipe\gecko-crash-server-pipe.192" 5096 1ff185e7458 tab
    3⤵
    PID:3996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.9.2058537392\1000276656" -childID 8 -isForBrowser -prefsHandle 9868 -prefMapHandle 9788 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6bdf34a-765f-4d19-9b37-f313520ed4c0} 192 "\\.\pipe\gecko-crash-server-pipe.192" 9880 1ff1a177b58 tab
    3⤵
    PID:2056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.10.1769937035\1504706828" -childID 9 -isForBrowser -prefsHandle 2676 -prefMapHandle 3648 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f2726ba-037b-45b6-9286-fd3f3e336c08} 192 "\\.\pipe\gecko-crash-server-pipe.192" 4620 1ff16b2a658 tab
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.11.2031576531\1626818763" -childID 10 -isForBrowser -prefsHandle 3124 -prefMapHandle 2688 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b51ea80-bbbd-4194-a15e-b47f823c222e} 192 "\\.\pipe\gecko-crash-server-pipe.192" 4680 1ff1a58bb58 tab
    3⤵
    PID:5168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.12.2012506505\15846205" -childID 11 -isForBrowser -prefsHandle 9360 -prefMapHandle 9320 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69e25466-7864-4d8e-a3d5-a34bb1700fb9} 192 "\\.\pipe\gecko-crash-server-pipe.192" 9868 1ff16b1dd58 tab
    3⤵
    PID:5372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.13.1155455276\1906852209" -childID 12 -isForBrowser -prefsHandle 9084 -prefMapHandle 9072 -prefsLen 26476 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91cf5c10-ecc2-43f3-8ea5-64bf16293841} 192 "\\.\pipe\gecko-crash-server-pipe.192" 9152 1ff15a4ed58 tab
    3⤵
    PID:5544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.15.275063576\1039857196" -childID 14 -isForBrowser -prefsHandle 8784 -prefMapHandle 8780 -prefsLen 26533 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {511d05cf-5fa9-4bba-94b6-6089501d9a5b} 192 "\\.\pipe\gecko-crash-server-pipe.192" 8792 1ff15a50e58 tab
    3⤵
    PID:5628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="192.14.460586316\1376267468" -childID 13 -isForBrowser -prefsHandle 8912 -prefMapHandle 8908 -prefsLen 26533 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {258fbe92-5e98-4c57-a554-f28c668ebffb} 192 "\\.\pipe\gecko-crash-server-pipe.192" 8992 1ff15a4de58 tab
    3⤵
    PID:5620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gjijjd1j.default-release\cache2\doomed\1560

Filesize
10KB

MD5
674c68216963d8d511a6e786a4323200

SHA1
b89d2dfe9b4082ce813dad6296a23f474ea408c1

SHA256
a0ec0983b8ee9a39a32fc1a3dda732bf37cbfe35a86602a9788fdebe027f7146

SHA512
7120cc84fbc339d6cdfce3d5ab72351155b153e93eeb3837f21c118dd02b81ff0d2916bf1fc039d6bda5516cfc7c6933f38c4e5227b1ead5bbd799bba08e4cd5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gjijjd1j.default-release\cache2\doomed\27661

Filesize
8KB

MD5
be9b2d34d667ad97bb038f88517ec224

SHA1
96dad9a5b38b00eb8287d4942e31738c81b364f0

SHA256
280b7cf92b606d0f48b51b24d1d4dd3ba6ef531d8e86c663ffa0428bbafd4945

SHA512
f0b2413d703c71af30918667eeb096c92bae2adf0cb6546583571051f8fc72ad6187f083fba2f63c491bfbeb8c383b2b443337c6dd16473203c9e8acd909b803

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
7.8MB

MD5
79c4f0a8a088cde39252673fd3f4b513

SHA1
7209a68fdb5101a7e11c0970da8da7df6b5c0399

SHA256
2847aba4e55b1e2e8e21b3ef781f5e5ef50b07231782101ed56671edcdceed3a

SHA512
8cba6ff919d0306e6c5b3409d7697103ce8f7c818553359ab809292ff5631ad658e5499e707834daf24a75ee345719c5c0059d757313420390567febdbc762fb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
5f480aa44ed71ad66ba99b910fecd0ac

SHA1
8d31ae73fbadb444a619ff2dbfd82c5a486fca99

SHA256
c24e930f3130c23e8cf242864c4845f98a495ee06e96bb6cf0060c2352e40685

SHA512
e4f056e5d962558cc87abd5bb9973f8540c24b5c43a450834f284bf87b8551da159921663938c4648e065e515360ceb5b3ea79e069e397380d443460e333249b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\bookmarkbackups\bookmarks-2024-02-12_11_c7cm0FDMHwkqnr-iWTotig==.jsonlz4

Filesize
961B

MD5
ea4f407f3d9972369231776934059ba1

SHA1
a537e921371fc8bcf5b4768e3b0ac7dcfb66d9f9

SHA256
d21adbe07c724e800abc2ec3058be39fa91e6f5ea7234d24f0fb7b1ef1b056f2

SHA512
0406a0e2ffa5ad4369b4b782994e953905ca16b0ea06c99be7c8f8b9efb9e750f2937a23abc16c2e43b3bb3ddf8d7e7774e11c2f6dd20f20282e0c52d1e7003f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
0449b45d0170ec808551f95e0c0a0adc

SHA1
ceba0ce076affb9ae2b90fc6a4e0b26a709d939f

SHA256
65bd72642def11bab51b641fc3e660a126e4645e4b98dc326b6d06b49ed5a907

SHA512
db65f59047449a413c63f24c47d137bf637b89caa2ed9eafd17a734d19af0e90c0a4024177fe996f569aa522859931df2821c91d5254e5e3f121725b4918a444

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\datareporting\glean\pending_pings\82734f30-ce73-49ad-8f9e-4c9613230e15

Filesize
746B

MD5
fc15cba5b5c87eaaad17610699cf7109

SHA1
52db19c583c4efc2c36d686e150516585179f697

SHA256
f8803108bcd615f801a87399b2aa64a3b9907e97dac3c6b2ee033e5d2c23cbfa

SHA512
92d59685bfffe905724a90db4d474cce52bfbb20ac173d9c6a2f0d2e59dd52cf363cb163f72cada97a5107ef8f469a9a821eb0fc8e339d82b935b73347be519c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\datareporting\glean\pending_pings\b26879f6-73f2-4785-837c-5bbcf882f1b4

Filesize
11KB

MD5
1f641ce2b1525c71f0077affecec04fe

SHA1
47c9de604a171c6f0c54ed76759ae99f122236b3

SHA256
6864dea8c0ef5369838d627bb0929690d0f4891f80bd1c93aa661aa59b9fd3a7

SHA512
6ccb8eeeb56909b5c73958e5d384f6c75c7fd545359da93019d02f9707cbfe9b4c951d34039db8eb94e5d25ba8566fc73d34bde8f7d7939edfca798a52b61c49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
10.8MB

MD5
34ca31ecc3c21027e169836007fff7ff

SHA1
1dc881c43dd22e93631e69fb59b4ef4d15cdc6fc

SHA256
b156a8d5c0f4e475bc9688c348664dd685f26bc7d075a32242390c11f5bb9dd5

SHA512
2a07129040685fd23ccedd1d2c521f518357af100623e0eb521259cc7347f5d4ef1c135d200bae9bd0224dcbd9320d2e99e87bac7ebb503ac234855cedbbc4db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs-1.js

Filesize
7KB

MD5
409975be7e7d1c0cc023ddbc18a799e2

SHA1
49473e772307d48e2a512468868de2ce114b3a33

SHA256
b91879fa4dad8b7007fbfbd680bb3a0699e521a309eea5865c35c1862d939be2

SHA512
3b05f58c2e3f2222010261bf60bc4f7879b1cf0b5f0d88695f9027b3d2b5072c63c1879a3fdfdca7c61c0959c0520cedcd5a08844b028899bfef1e9e0ff6fd79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs-1.js

Filesize
7KB

MD5
925ac2dab1e976b3688bd21ebbc66293

SHA1
4e52d617a0cda4c079773231baee6c1fba8a0277

SHA256
4286e7665620b2769b1cd079e25373b848c3f2e266073e81e0269a7cf55850d6

SHA512
c36bdbd55ab8487874e4819c620fa237cf631f424697281473a894f2b461cfb33f224f2cfa2a1b5a855a38d7257d059ee83f80ae1860179ed550d96323fa2d9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs-1.js

Filesize
6KB

MD5
0f882ccdfa4d8824a9e746c262079b2f

SHA1
8c7733dcb158ec6556dd2888d667cdbd1c5fb8a7

SHA256
ac860f7df2e4a0e4cae66a3e316ff3a4537d9969f48a50cfa07349855641f3b6

SHA512
ab84b0d5c4753f5e48bdc53f74da572765f1a32233e3334ca45290737333dbe757cae846177b3ae136d38386c87528d29f089f0469b297b982a6633abdeda511

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs.js

Filesize
6KB

MD5
819953ca0eab97f97114d98f36925ae9

SHA1
c8430782b072e062b873bb0fba0092e3b4e45639

SHA256
16433d4a37e56b80684de1e7f2ac09391c08c6fce8deec8fa0d9ce19b5726702

SHA512
858c19ba4dbe0eeaa6ce8b5d9a5fe452019cba7293dfc9940ea725ac9769b082f702b39d54ca3bf1375d1e2f6f7f2a6999ed6bad19ede9598d4021599fdbf50d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs.js

Filesize
6KB

MD5
4d1ad078685fd0778e05727d8a7dc70a

SHA1
8410ba6944ab49bf301794f033e75c840bbdc4ef

SHA256
0642eb67c16f592e14a7b7c8bd0de8e82150f31fcc3e08d43617e132f256fafe

SHA512
c86f3dfc5302d708fec2d1cb83b4fe2bbd6293b46e3a96a99a65e3932d2d701f67b45a6804e6d96a0f222fec4fbfbd5ca43c6e6a6427f9d6011a483d6d8cbcb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs.js

Filesize
7KB

MD5
c8be5b1cdd5d777de7aea6e20226b314

SHA1
1a24ca0595024f83d0d75ad086b63a7ffd7e14a2

SHA256
ec7d1581a8316520048b9c7b67a82704573e04280c267495b5af235da7a55f4f

SHA512
46f62cb6292b97e082f071c63ee3df69fd79b033c66612961773a815520e046bf911d3b4a56bfe6c83510447a319b8ac1974f52019d99835b59a13d97302158d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
425f57b9e1d0c93c0bdb239d0946b61f

SHA1
bd6ca30de8bd0aa080b779861b45ac753cb83d09

SHA256
960ba6875bbbd265c1286b3308a7822ec5e3d80e300b7b2c7ac5231ffb9751f9

SHA512
338753fa9d664549050ffaa4d04e16b4fd3dfeb775da591a6ec7813cfb829153d0fb5bdc98b891979012fe8478ff62be4e85da76a816e2abfcc8f90148341581

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
8182ce092983ee967ebfd8879e0d9bf4

SHA1
2813d2244e0a4a8d40e91b460b9bfff1d4cbed80

SHA256
faf869bc876432760e2bc5cb46131afba80e842869cbec8a2edbbd68185336ee

SHA512
412400f31de99f78c066cec6ada48d31cfd777cf6503b4e956be1d6e3e7fb53f30d1485b01d0b747d560bf96b74c4c874a5614d1e3b34b4105a2e746e2d5aa58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
391d65507a100b78f1cb25f7885a69d9

SHA1
0ea7334546beb175e589d650d501a34d7a0345ae

SHA256
acf2ad99774c323209ffd84d804eedc0da9123d23bfc9709e2d04d4134bbcca9

SHA512
dbd961d200c86f7723bcdcd51d5ed32b6b4526a9860a849940462621954396f5d634961f9b51b6e91dd565fae10bb649d321507b7a8e8c2c295a5659bca25178

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\storage\default\https+++oxy.st\idb\556220133rrae_su.sqlite

Filesize
48KB

MD5
c9a6589373da965fbb43bab1072ce588

SHA1
613ac4a40da00849ec660300922067b8842a2186

SHA256
ad961347bbaa90e74c30417a1758c7c19de3aec1e924663131fea5aa815710e7

SHA512
d0415d716bef0dc7b18615bfdb1dfd3756a2504af045000c4da323d14eae36a0e3c3e3b737588e781168dcec1cb24fe4fa8dc272ca7cde2846a39b96c59b1a47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
bc4afedd8a74acb6e42b027f13a4bfa2

SHA1
261c3dc9a876ffd78eac2d39ed7630fb1603c8b2

SHA256
54d2ba463e04d72645d58eb08c97cfa57aab5c06ec7704083a3e17496a9e89ab

SHA512
1ea2c4a56ae0b821645e5a71a9097d939de0e4dc5b631079f1aa5243b875aa7e50307d03149d2e238066fe544e6ff7c040642607ff9720d832af64d186623233

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
2399e6f023cd32f108e1e346def7f0b7

SHA1
118fb275ef1fb3a8888b5a656b367cd5dfc6957a

SHA256
a7b233d1f2a4d5882cad75c772f9baa2b9158b2d337c7e989e54c72334656ad6

SHA512
7d3c52fb395b9c14d2fc24e2f9804cabfcfa572789d0e3a7a2431676895aa9525d46219fe1429f61732f2be041bfb0b4b36c583149fccc73688a173c0f0f6a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\targeting.snapshot.json

Filesize
3KB

MD5
659060be1b2659f6b1ee2e4d6538672c

SHA1
19676e3d4b876e7ab937ff84b22e8302dc1d857b

SHA256
a223a1795cae279045823e1f3bbebfe0976ddc4f09a51b9cd9cafba89af00195

SHA512
7b45e227847a4b450ac0b5bdf3b1c10b130bd395fbe2d0fe0309b33d2f3de9c7be34a80b5cf63594ee9409fe97d52b77c1e9c27be0908be3599a8dc4b17b27d8

Download Submit