bfd0d550a00474c2ddb9695f3cca4b1d2276cc979cf963d2a8e94e982dc14005

Analysis

max time kernel
78s
max time network
130s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/09/2024, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vx2.png
Size

232KB
MD5

244a25276033e2af7163c8861efcf4d0
SHA1

93673f81bb5f3ec310211125e795e3aecd386979
SHA256

bfd0d550a00474c2ddb9695f3cca4b1d2276cc979cf963d2a8e94e982dc14005
SHA512

2ca4e165649b6a24eb481bbc0edfcc721ecab46d3e691e19fbb0e31b628a562637d1256203fe337c79ae9079185d7b5d3231de458ea724ff080773a167c58616
SSDEEP

6144:o6iZO5mRRs7Fm85hgw0N7Uc29EDp1QmJthgd+iJe:i6m2hgdNonyomhg4iJe

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3160	firefox.exe
Token: SeDebugPrivilege	3160	firefox.exe
Token: 33	3528	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3528	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 3160	2860	firefox.exe	86
PID 2860 wrote to memory of 3160	2860	firefox.exe	86
PID 2860 wrote to memory of 3160	2860	firefox.exe	86
PID 2860 wrote to memory of 3160	2860	firefox.exe	86
PID 2860 wrote to memory of 3160	2860	firefox.exe	86
PID 2860 wrote to memory of 3160	2860	firefox.exe	86
PID 2860 wrote to memory of 3160	2860	firefox.exe	86
PID 2860 wrote to memory of 3160	2860	firefox.exe	86
PID 2860 wrote to memory of 3160	2860	firefox.exe	86
PID 2860 wrote to memory of 3160	2860	firefox.exe	86
PID 2860 wrote to memory of 3160	2860	firefox.exe	86
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 2476	3160	firefox.exe	87
PID 3160 wrote to memory of 1228	3160	firefox.exe	88
PID 3160 wrote to memory of 1228	3160	firefox.exe	88
PID 3160 wrote to memory of 1228	3160	firefox.exe	88
PID 3160 wrote to memory of 1228	3160	firefox.exe	88
PID 3160 wrote to memory of 1228	3160	firefox.exe	88
PID 3160 wrote to memory of 1228	3160	firefox.exe	88
PID 3160 wrote to memory of 1228	3160	firefox.exe	88
PID 3160 wrote to memory of 1228	3160	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\vx2.png
1⤵
PID:4256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a1bdeef-7235-4fb7-998d-781591223202} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" gpu
    3⤵
    PID:2476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e56b53b1-9c50-4467-ad2b-dd9ef7c6179b} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" socket
    3⤵
    PID:1228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2912 -childID 1 -isForBrowser -prefsHandle 1656 -prefMapHandle 1644 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5d8754f-bab4-4942-82c0-6435d4194b8e} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" tab
    3⤵
    PID:2828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3732 -childID 2 -isForBrowser -prefsHandle 3724 -prefMapHandle 3704 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06b3cab8-cdcc-43b6-afdc-7c54a0fb7fa7} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" tab
    3⤵
    PID:2316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4468 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4436 -prefMapHandle 4424 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d78ae0f2-6a5a-412e-8483-9196d534e600} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" utility
    3⤵
    - Checks processor information in registry
    PID:4384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1536 -childID 3 -isForBrowser -prefsHandle 1524 -prefMapHandle 1424 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d638459-60b9-4d09-a636-1efb72a904dc} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" tab
    3⤵
    PID:8
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4864 -childID 4 -isForBrowser -prefsHandle 5436 -prefMapHandle 5484 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65ea88fa-786a-4e1e-ba70-a3591ef8b317} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" tab
    3⤵
    PID:4436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 5 -isForBrowser -prefsHandle 5872 -prefMapHandle 5868 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7e0e392-45d7-4bd7-8b43-298addc43c59} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" tab
    3⤵
    PID:1368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6036 -childID 6 -isForBrowser -prefsHandle 6060 -prefMapHandle 4500 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d00dc321-27f7-461c-9a72-191ddce2eb79} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" tab
    3⤵
    PID:1296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5992 -childID 7 -isForBrowser -prefsHandle 5888 -prefMapHandle 5616 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3e8667a-72fb-4610-97f5-0cd9a40af345} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" tab
    3⤵
    PID:1280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 8 -isForBrowser -prefsHandle 5624 -prefMapHandle 5612 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81d3d401-dd9e-43f2-a300-9c05bad3fda4} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" tab
    3⤵
    PID:3040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2892 -parentBuildID 20240401114208 -prefsHandle 4092 -prefMapHandle 6316 -prefsLen 30530 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6009c5c-f652-43e9-8667-1cc025e1fab8} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" rdd
    3⤵
    PID:4560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 4088 -prefMapHandle 1268 -prefsLen 30530 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a8d0c99-c2d7-4680-bfc6-b8a394346622} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" utility
    3⤵
    - Checks processor information in registry
    PID:3680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4292 -childID 9 -isForBrowser -prefsHandle 6068 -prefMapHandle 5720 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {699db286-dd29-4704-a48f-5f7873d103fe} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" tab
    3⤵
    PID:448

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3528

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1776

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\activity-stream.discovery_stream.json

Filesize
29KB

MD5
3b1ece8c668b25764b6ecb773f88181d

SHA1
23cc0d985457c18876ee0df3f41a5c76d346f330

SHA256
5933ff5c50282e793137bbb01e7f7c0eac103a2c0136a884030d3af39c55fd2b

SHA512
f510ccf92a54faeb75d6ef3132f3ea30f66ca91b02928d8868827c5dbee29746ef163780552bf5b7a3d01c4825cd9bae0729269d3f74ec5d041bece4020d94be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\25ABFFBD3350464574206F51A623A118CF97575F

Filesize
14KB

MD5
33bb55196ecd6f4e6b7a454a5900ccf4

SHA1
ee80235979f3b390c2204a0bbe0cb075576a27c5

SHA256
c8c13b45d62ec0aeb1aba3277600d696acca0ef2f92ccfadec21e11164731fe4

SHA512
7a6459b18043d18d0b8ce65865fe947aa80ee7844b4cd78245869f59de3e28771c854099e45191075530846915b0c046082eefb7aae4dab654738a0da80263ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\3A5ADE2FCE6D098D4FBFEFC5C47CA6B6458F583A

Filesize
6KB

MD5
44957e4bc4d240e22a22411e1b877dae

SHA1
534815125d92b6e822c74c6a9916af26b5955a8b

SHA256
270333eff7e6cd8e6bae628163985b2a95c29f8dd9cc7792ee1494f2347d8b6c

SHA512
2b0517d3a1a8cba2bbccc6a8939d4caf076151abf04ce5e99d611b1a97c0f5fca2ac852977089f775c0c3fb60c0a952fa3be099058bbc69e9b130cb355c41844

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\CEAA45F9786010FB50033008C8BB7D7980F713C9

Filesize
12KB

MD5
27f2dc760dca4e1a820f488cb2b18cc8

SHA1
a0a7352de42cb87a3fc8ed9f3b6d84fe0ddaefe1

SHA256
10a465ffe61b989dc237b14f9ac4caef341c032cad85a6d1860f26ba482bf40e

SHA512
533678893b4dd0d53551539716e7c897201ba77b49b65388c4d26bb9c66db1fa975507d55fc37fcc0936b954e65bec1d6bda1304894a7b7ddd6560223f0bf77d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\thumbnails\6721e571b8c8b5954a42198af9f1d571.png.tmp

Filesize
6KB

MD5
dfadd52008ae8f5dd89a4df2b427104b

SHA1
443f970a1b7b93b653c09fe5c8b154a3a5a31c81

SHA256
08cf45da2921dc86ebdc11321d14d07436865db74df76dc959fb18ff1a7c231c

SHA512
2a1a812ee31574ce84a0892ae98ffb2df3117ed74564b88430a67a019d97bc12c2ccad302a88f995d268c4acbad0267d709f33563685a3f4d2ea980071d3622a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
6KB

MD5
cc15dc8741aabfa4053ffc708d226b74

SHA1
1ae41df41b31b5eebc152818b850bf34ad95aa39

SHA256
56ef6f22f8e052c4ca5c761a39fb9f2b44758253100ce2050891999da3722feb

SHA512
4c10272f36e921b328d689a52c77ca5e1b74e5732b7d47ea3d11e8381bf9d8e93b2b768b17db315c2c867b5834df5aae827c6061285b58aaacd345271887e604

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
15KB

MD5
bbb02c6dbbec35414d2febe9cafa07ac

SHA1
ece28ecef722e9552463b86d2a82aba6f8b4cdf3

SHA256
5c1f3bcbdd2b8c05677a314372d391a50530c4f167d57d8ed3a1bd5a4d30dfe7

SHA512
6a4ed26a92a2f9a54afdf464b19bcc00d3f878ee0b8634330a6ba79b1b99e8a4115e97173c49e5c9bd3d1a54ba666a48cdd21a812072a513683dc08f3336ace8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
455382e0814d756db80ea60954a67a55

SHA1
1d71482edf1bf60acb4f43b38a8eb41b80157ac4

SHA256
979090c001f7623d968d54872b4962868ebd508e64172b968bf9cb62daadb68c

SHA512
44d24c5bd5f149f43ad0610fda7c48a0573d9fd51a8c92964293dd1257cc825fed19629f1e0142e50cf01e4c02749ef248977336e39067127d36a1cd9124784f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
491e8d1370621553787878f4b6df4056

SHA1
35eadc0c12ffba5f8c91d5cc1c094dea60017f03

SHA256
d75bfbb8c9902a65645a0ec96c541bf931983f737cf2226d9530083f31d69706

SHA512
8a249499ccdef018b8c2955637812b3db573776e3192ca89f50ecc4195fe305638b44ee3e592377b2a80403ec60557c20b574e97d0dba8c83901d7ca3a0903ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
4439305322fdcb20014e355fbb6ecbc5

SHA1
256d77969747908ce525ae6d65a46673ce43d135

SHA256
17b8e7f2e41bb4c9997cc074fd313ef8582697a3e9844e0dad73a62b566fa56f

SHA512
f6727d55bf05cd1dbc9841f1981dfdc26f5bb02adab32b6c46ee6041c22b375b48f0bbc89f44666680e1dc4a76d22def489b902c7d5a76946e5f2f8a746146c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
3621a13f9ff40218fd107fdd7d6c25d3

SHA1
c94a5d7ec2e0a75d251c0444205d0c25d96f6212

SHA256
c46704e3839062dc3ce7bd656afbddd040bea90707dd134a72e37d4b985920d5

SHA512
3d857c6a88d0ba485402457bd43cd04c5a8ad63046ef2c5b18bdddaae305d949716f05ee78352126cf0cdf83198af8d69310bea86c226e7a89b5e7834a0a2416

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
d687f98f777111aa10a14273695a6108

SHA1
1735f5fc75c1417c84f3b6014769c349dc77ac54

SHA256
af04906e6f8fbaa532c73cc6502791bb160032602ef800600decf618c7b566d6

SHA512
d7418df198f9eb5c6d26902111f2aa86e2faa436c8081ea1cec1a0aca76ba62c54ebf99dbab982fee8f86368a5f606585d2da9093845e8d07ae3d757537ec400

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\45bfd531-4f0a-4db2-b014-54f17cef3d62

Filesize
26KB

MD5
9bbb44bcde0b7982fadbd6ac173b8d27

SHA1
7d16b61f85984604ee828c6819d88acdc1cd8f4c

SHA256
9ee213c4aa37f00b0ade01560017a332f9d050946d491f696277cfd568254546

SHA512
c971c5ba967fda38236f9f0c609e70cf0839fa1dce25d46da1f692e6165968155ac116edeb3d747360e8307f3f6b436d6992d1569c240be4cde7f43bad57d3f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\5ffc472d-41a1-4675-80b4-30f657d3f7e7

Filesize
982B

MD5
cb0c916e122c116c61bf7a9f29ffb31c

SHA1
5d3c99c8d958c219faae8d0a08c57d8fda8cf019

SHA256
bdcf8658d04f510fc36e52b37b29b1dd4871302155d60e6336b8f12a063c9315

SHA512
d7c36afd3343cf95d0268cce73b9df10e0fab0d4344028b3b894b3e0b3369b51d7bd8c4e561c794d468deaf916723eba7b1ee03808657d1a882d16f4a3962173

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\74936a02-6818-4010-ac4e-de3fbca5ddb2

Filesize
671B

MD5
2d9ed0dece09f3938fefc1346ccd6305

SHA1
0769e8037439ee5e585876888e190f6d88f86b6e

SHA256
bd68388db34fae3b2fad1290294af53ff9778d54240d42ce436a7e3497c9147b

SHA512
33cc19fb214abc834ee3c18cd820f889d83f7b6307c5205a1b50a384e6166ec331b812d7bb0ccf1b3ee52a918caefa862f5d560edb6f08067c33560af10bd472

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
11KB

MD5
3e3d421c3ddc7153784533b3a87a962f

SHA1
b5157fcc1b2157b81ff46300222b0b93a47c4d01

SHA256
024817b5e1a123c7f212b37b7fd34b74a0d98f9b33b8b063ba0a47bf79ed86ca

SHA512
05a29ce2a51455d5d3d4aa65edb4defed67d1104ceaf159cc1a60e1126ec4e5d71975ec0424e26c495c9f3ec7f6e06f6d8e5002bafe92a518684922cf9840429

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
11KB

MD5
43234a4ff8c444aed9225756c20d21f5

SHA1
54a7c6600083d5a6df940c1516aca70a07a1b367

SHA256
3396b2b9691044f610b18e3231a69eeee631737fdb9418b465193ea97707e2b1

SHA512
99a8018a1a240b19ee33858d85e9fdc21b7f0c03b77419f2a92b412af973f648b446c77258ac1720165cf80479dabce5ac7f3fe9f94c2078159fc726e302667a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
573ce06c136f8846e73214b57c2e6fd2

SHA1
987e28992d72f31d756a4682d475c51518fd2475

SHA256
b1718a95be304f679a6bd2e47b1205d69d70b6ae65e50fc34c400019d7e431b6

SHA512
55e7da356bf81cb6f24207918b81d13999a7aae91ab635b5d1252429cf9e8227bb0873a63efce25dee63ae901ecd0f23c3da8134a5b546d666fb8de2fcfb4da3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
09130a7d62ddf2808a094ff273e1e638

SHA1
42de7e6f038ae9a09f67c47d4e2073618dcba488

SHA256
48bdd2e02a2a6dac7ead031b0e9c3bec6f94f338882abbc928b3dda46d8a19ec

SHA512
949672401b6596b96a52ac6ff156d4b5d50be3c2376b3df6e704f8b5a38939e8fb711118fee675e52fd808b90af6cfeb7667fbc5901fdd3e2afc344942740adb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
de0cc73b01693545195abc1573b4168f

SHA1
72c320548972da46d05feb4d07d30e430d83f0b6

SHA256
407e197a674676f07f765ddb0067e9f5bb611a61ca162aafafef6bc3df79421d

SHA512
b475990d56fe5754d66bac909288897fb6d30ee1e7f69dc87010f8bd98d9206d73d12f2ca46bfb621b6c7514723cf91e7025969cfab06fd09dffe99a454b5bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
622781d3014cf3652490aecdfdd8dc9a

SHA1
763c1e5f7b4e8535cf05adec1ed5b761e1cf1d26

SHA256
9ea4ab446ce9174048929a60550a6be74f30e01926c78ada3a69c53744d8781d

SHA512
6f1737f95227670cb4a970cc55231da27490c198ba5b96ab52a6a703e7f29d6cb4d124d85b58a43f8cc34816bb580ea64ff6169ceafd7fc1a690d24c300de33d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
519504c5ddf00d86cbcc73530ce65e67

SHA1
e3b43f9de0b2cd7e07d81b1192d50ec7979a4940

SHA256
20f327c2f7362c5ef7f5d7090c09ec2ca5a796b9f43a71e2c7ba23b5e7ed4aa8

SHA512
cadf438789afeac99918f6f8f54acdea231b8562d92b14aecf0da3c148423122d350b1c5eb21647407a91edccd5e1d11a77964b193f7359883ed37a065805bca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
7dc5dc2440cb4bf53d4839b32e2ef726

SHA1
2360863775d2cdaef272843538a24aaa6c67bc64

SHA256
34b80f22a975f85413d00983da2cd169aa0b22bb9cd291d18c733b739e7df4e4

SHA512
38f28edfb925f16424025f6805184bf2d22bfe819ff1938781b132c9801414d019ff3c499915760e01496b94359a2ff68f8cdc20db7810bae3511a7b391cd269

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
39036f513ddfa6b444defdfe91fc3477

SHA1
3d715b0b887cb60847d8cc30c134aa36c2b056d4

SHA256
0eca360e779490a85318ca5814c1af3f14162aa30ecb934311de02b436ac6f4d

SHA512
b6a9833b784b75416c577db3605daee250b68153c1db60f9d478b3a1b905f466a5ee87278b45f06b10e71053387599f2c7c6f68022f5c649f7d6cc88c7786703

Download Submit