hxxps://drive[.]google[.]com/file/d/1EntfsyIvY2ZEJwTe-8DJoX4BcqfEyheU/view?usp=sharing_eip&ts=67363048

Analysis

max time kernel
148s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1EntfsyIvY2ZEJwTe-8DJoX4BcqfEyheU/view?usp=sharing_eip&ts=67363048

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
3	drive.google.com
5	drive.google.com
6	drive.google.com
7	drive.google.com

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3900	firefox.exe
Token: SeDebugPrivilege	3900	firefox.exe
Token: SeDebugPrivilege	3900	firefox.exe
Token: SeDebugPrivilege	3900	firefox.exe
Token: SeDebugPrivilege	3900	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3900	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 3900	3492	firefox.exe	77
PID 3492 wrote to memory of 3900	3492	firefox.exe	77
PID 3492 wrote to memory of 3900	3492	firefox.exe	77
PID 3492 wrote to memory of 3900	3492	firefox.exe	77
PID 3492 wrote to memory of 3900	3492	firefox.exe	77
PID 3492 wrote to memory of 3900	3492	firefox.exe	77
PID 3492 wrote to memory of 3900	3492	firefox.exe	77
PID 3492 wrote to memory of 3900	3492	firefox.exe	77
PID 3492 wrote to memory of 3900	3492	firefox.exe	77
PID 3492 wrote to memory of 3900	3492	firefox.exe	77
PID 3492 wrote to memory of 3900	3492	firefox.exe	77
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 5036	3900	firefox.exe	78
PID 3900 wrote to memory of 4600	3900	firefox.exe	79
PID 3900 wrote to memory of 4600	3900	firefox.exe	79
PID 3900 wrote to memory of 4600	3900	firefox.exe	79
PID 3900 wrote to memory of 4600	3900	firefox.exe	79
PID 3900 wrote to memory of 4600	3900	firefox.exe	79
PID 3900 wrote to memory of 4600	3900	firefox.exe	79
PID 3900 wrote to memory of 4600	3900	firefox.exe	79
PID 3900 wrote to memory of 4600	3900	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1EntfsyIvY2ZEJwTe-8DJoX4BcqfEyheU/view?usp=sharing_eip&ts=67363048"
1⤵
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1EntfsyIvY2ZEJwTe-8DJoX4BcqfEyheU/view?usp=sharing_eip&ts=67363048
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1876 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d11ee8a0-68f8-477e-996d-56cb1c94517c} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" gpu
    3⤵
    PID:5036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c36d9dd8-1604-4ac7-9e48-f1df7cc6bd99} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" socket
    3⤵
    PID:4600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 2884 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 988 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4874dc21-d4da-4c93-b2ff-5baa67d54c83} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" tab
    3⤵
    PID:3712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4012 -childID 2 -isForBrowser -prefsHandle 3988 -prefMapHandle 4004 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 988 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {637e5921-b059-40fe-bed6-f4ef9c4db1ed} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" tab
    3⤵
    PID:1992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4900 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4896 -prefMapHandle 4892 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b15046b0-5b59-43e9-82ac-df3941f38a1c} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" utility
    3⤵
    - Checks processor information in registry
    PID:2360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 3 -isForBrowser -prefsHandle 5660 -prefMapHandle 5656 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 988 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d5849a2-a4af-4840-9c31-6bb395f27078} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" tab
    3⤵
    PID:1468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 4 -isForBrowser -prefsHandle 5772 -prefMapHandle 5776 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 988 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f45e9323-7184-4bf8-9f2e-c4a794ef82eb} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" tab
    3⤵
    PID:4952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 5 -isForBrowser -prefsHandle 5960 -prefMapHandle 5964 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 988 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9b07208-3423-4f75-ba79-30d2a7e182bb} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" tab
    3⤵
    PID:1808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6268 -childID 6 -isForBrowser -prefsHandle 5804 -prefMapHandle 6264 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 988 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2cee2ff-78e9-451f-bfce-464485aa3108} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" tab
    3⤵
    PID:652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\74uts9gp.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
dbca577feb40766999dbd4e67af40d38

SHA1
d623c0baf05f72391d9183f44bcdf432b44b596e

SHA256
80f49f1048fe08c1862be9abf943e76f68cb3bf94e2bd2b45549ea105379b660

SHA512
80f8f5e96950344643cbee26cb0b31a6f1cd5a72d868f87603fc5c86ae1d586a43629b5821f91485f978a40ca7508204d3c053e0ecf252ca474c1e64ba9fbcc8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\74uts9gp.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
5f9b71df7e6d5b84eeffba99af84190d

SHA1
ba94dfd7d31c24e72428931ba73531bbc58831a8

SHA256
d4d7eafd6acaef38cf8b49b1691389a10a474de152ba6dfbe7eefa6c524b88f0

SHA512
650853f6c12d0f99be481645b999dee0d9080e1aae68ed0a8b9bebcff2ac225765cb8a118624d670797304e75cf3417995e761fc30d2459fed97e08c17f0dc75

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\74uts9gp.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
9595e759bf0b929774440d4e8c0b53cc

SHA1
1db8f8d21698733586a92c804816f3aa2129daa3

SHA256
3974bc456fc79c1e7c9ce73d3d537235280685b42481e60cfee0856278a7a409

SHA512
6003d070e831dacaa3a8d6d478abee631f310fb95f1223fa22da4af67e93d404d0cf095ce35ec9d8a610fb49698f9139c37c3e94a5e07579b03d8f33631d1597

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\AlternateServices.bin

Filesize
6KB

MD5
fda82193e03e53dabc9f070902bec982

SHA1
aa8304c6bb09a3056ccaa9266de077f9c38b24db

SHA256
d2c6491a5db151d9654514ca9541d58715549bba8edba598c340eea3a3b268bc

SHA512
24f7951c3ff4fe4570ee481508a1dc5242edd8c33377a22cca67f018d7dc3b73e1bc99c43fd76e08e6735de33d1d23931ffb20c3ff91bd1ffc1e37dc6523c7f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\AlternateServices.bin

Filesize
26KB

MD5
48cbcdada941586c6858db26c3c158fd

SHA1
41a23a84a8919db56e2250111282eeb6c4046533

SHA256
2253f4f943dfd8ad566adab5d5e5189b9ed402ce3fae7c922cf288a655df98d9

SHA512
2dd418234c807ce5b378d7ea7219e4db069972a856657272d7a89a4b688bce37c20e8d9da28500bc68516cae95d90c8d656b003c608c90b67bf00cb8d2b4b074

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\AlternateServices.bin

Filesize
10KB

MD5
12cd955d52fc77b73c6ac8ef622d39e4

SHA1
8bb72d0177097c3e3d4c16253b22502955e8e064

SHA256
2b5ed2297ad49ca16adeaeb1dbf7c433a0740efcd134c3011ddb006be73afe60

SHA512
aeccb745d65873d1d2017ca4cc1ce00c3fe0abd4f067e0cff6b1ebef1a67f61652d2b6eb2a8678e4478c884dc47ade2cf54cb67fa5638b8f683568797b5f9b7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ec9ace2e60fe2db6db2718216579fc02

SHA1
4c1f381dcb0572fe8c9f9332907cd503173e054a

SHA256
97ea3c45849a5d29cee47ec240c0f537fc066f433bd07f823f2315a02a1da2f1

SHA512
3c80187660696f011ee346bd2006e1b257fc9b997d0300253ccc9b8bfe6b4ce8dec14de1638cde8c8a147a51591d98f803f5b29061246f624e4d91c51bcc7820

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
3cd920af437272130c8373bb2e1b60f4

SHA1
8c82bf8e94023711588a5ca51febf9781bd95dea

SHA256
ed06fc2931a08dae1928a2e03354644f57fec17d7f882b1f301202b3a642d59f

SHA512
1a4615d177e68ba96a6165cad84946417a05c4445d7b1a19399371ccc983d8b822fa6ae65ccb4ccf47f7b4299e442a361b075d47da9273e5d0b2f0ea1ab18b51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
00f2faa2b17329185d8efdbbc4607206

SHA1
d1e7af32e04aee4206fd03558471642cfabf8c64

SHA256
38ae1e32414fb5263a116abdf28622ca5855898255f21698234b9e1eab7e7841

SHA512
c57e0519932d47863a4d50ab4c20cc1745fc993d77143d9adf2ce4d65801801c325bd6887c974d66e0548c31041fa8eb02020aed49dae939be8a4a55f22ed926

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
7500bc3b4c48c1e4a3e836a9810fda2f

SHA1
66a3b17802ac87aee474bf0540b5b86434a952a2

SHA256
e16b9fc41111d52c2d08ab81775080658b7f572c4cda9aa72608ef52533d1a8a

SHA512
6befbf9b0a117de5935b6f36b9420918797f16493dc9c1864d8eafe176572817c6108992ec8ed619c21d26ba742821e852aab279068c191e3470ea1a9460542a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
42134ba5dec249ff27e039a7366bc3a5

SHA1
4b375420749a0a916fba9d7206b1a343ff75311d

SHA256
56f929a1995525df465392b2f699a827289b00896a8f365f96601b10fedcfb26

SHA512
f181552e60ea4efc2fdab0e1954ff8f4ccf2ec4f8e2b9ea42394a59899761aa0b1fc19f2b1453ca9f803537b0720746787392b78aadca71e92fdde7f3b3d06ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\pending_pings\20d18e2a-61c9-4d34-8ae1-ad4f8594a3c9

Filesize
982B

MD5
c8bedef7104e2250e5a90e772eafb284

SHA1
5f4e0fef455bd89fe386b71385ba5992e3409c14

SHA256
0ebce00adcc84cbe87267629a85067536794af3cbd6049f8cdda08846f2eac5b

SHA512
f36ccc71dd459327812ac23a18ffefff2292bd92dc179eb6cb7c9a8a9b6600fe3ba9c83dca428294d031022d5ca5c85c2705d7784df61f6f2fc9b6efe4b80f36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\pending_pings\410bcfc8-33e2-49ee-9d63-3d71c4eb1190

Filesize
24KB

MD5
f849b0dee3afae9bb4419f1502dc8912

SHA1
0448a5d789476aad6c4a58376dbf4aa7a4189463

SHA256
0cfee89a36a2fff91062344afc957388fff77e26cd085fdeaa145a5e0c714cec

SHA512
0e3023c682da784e9d5f2b5a60ada3d9529f6a80435ed75afb31a8b076b226f1d1912a6400699a533ce51c707859c1e6a168c1a164eda24497fc2354575668fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\datareporting\glean\pending_pings\d7bc76fa-8486-4029-9d58-e111311ac70e

Filesize
671B

MD5
1d855425ba1fe25058f00620151ad126

SHA1
edc703bf9ba7df31c7bac8e531fd0f0194e04572

SHA256
56cdea5d87a1df85ccbd7d2839d47a3bf36e8986d0fbe9434a4072478ce6b823

SHA512
e5f638d0546c644dba15e8f5249cda2e6d098bc8a00b48ef018a858d9e03f0d82fd64dc2078016d396aeb600355ab23634e0312cebf251c0501750505d1b5dc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\prefs-1.js

Filesize
11KB

MD5
91b31023f9eacd27d8c3eb94d9b78e77

SHA1
266bfe181124c3d3ace03f1a6c15a6f01179d9fc

SHA256
8b690937287f8ae4c002a482e770a4cf2c28d00bc57698cfcfa0d6162cf36167

SHA512
30e9beb3bbc320df7cf3aec47a0fcd753bf659d74054552741b9ef83e0b1052553a62a884529b92b5850852c8a6c559c61999471dd5f45aee8a6309108a99eda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\prefs-1.js

Filesize
15KB

MD5
dbf98ac406ede80d242afc3406f9fa79

SHA1
cd15e039df7d2f77adb682886df1fe1307172415

SHA256
6afebbaf19785013edd75506052e5d77e73196726e4a491de7a6a60148a2b5ff

SHA512
30e6bab130d56d441d02eb3dcc4f5d1af33acbe6e1af5a7de8b2f0e3adb22493d682e1853e452d823c85011ad5056a8cbf59b94206e29a63d5ace0de0444e355

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\prefs.js

Filesize
10KB

MD5
c799a62b45f5274d23131f8995583e0e

SHA1
6653bd8e77578e4c4895e6fb92ed7441b561c748

SHA256
e696df8c76b03ee4efe56c5097b046c02bb34038079dc29ef1bc9adabb7f0146

SHA512
72a49c838d49d67e7fa20d7c38e578b315290e4464d93b85c109d69f8240a98f03b4ec97c73c067839a1b455d389502a94f96b18cf88198e0cdca8f6d545d5c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\74uts9gp.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
3b9dddf501e23ef01f01c5dc62e0d0cb

SHA1
a8f4e4e0e2e54c5cc78b061b0ef7a6f2a9f8150f

SHA256
ef75d5828d237e56b3466936928ae45c2d56c6fbad4d48481803d4c9beb89500

SHA512
e1f9c8d85d7ae3679ae084bcc09badaf5b0a649ae6175a508f950441bf414b824c03b370fb08aab5c5bda100d663a1ab1e0326c03c015f897c044d289ae6b46a

Download Submit