hxxps://drive[.]google[.]com/file/d/1XtwI-IxrbARFhGmKTY2xedAd7YD8z0Cp/view?usp=sharing

Analysis

max time kernel
258s
max time network
255s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1XtwI-IxrbARFhGmKTY2xedAd7YD8z0Cp/view?usp=sharing

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
8	drive.google.com
9	drive.google.com

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Crystal Game.rar:Zone.Identifier	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4716	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe

Suspicious use of SetWindowsHookEx 62 IoCs

pid	Process
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 3428	2280	firefox.exe	78
PID 2280 wrote to memory of 3428	2280	firefox.exe	78
PID 2280 wrote to memory of 3428	2280	firefox.exe	78
PID 2280 wrote to memory of 3428	2280	firefox.exe	78
PID 2280 wrote to memory of 3428	2280	firefox.exe	78
PID 2280 wrote to memory of 3428	2280	firefox.exe	78
PID 2280 wrote to memory of 3428	2280	firefox.exe	78
PID 2280 wrote to memory of 3428	2280	firefox.exe	78
PID 2280 wrote to memory of 3428	2280	firefox.exe	78
PID 2280 wrote to memory of 3428	2280	firefox.exe	78
PID 2280 wrote to memory of 3428	2280	firefox.exe	78
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 2024	3428	firefox.exe	79
PID 3428 wrote to memory of 4508	3428	firefox.exe	80
PID 3428 wrote to memory of 4508	3428	firefox.exe	80
PID 3428 wrote to memory of 4508	3428	firefox.exe	80
PID 3428 wrote to memory of 4508	3428	firefox.exe	80
PID 3428 wrote to memory of 4508	3428	firefox.exe	80
PID 3428 wrote to memory of 4508	3428	firefox.exe	80
PID 3428 wrote to memory of 4508	3428	firefox.exe	80
PID 3428 wrote to memory of 4508	3428	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1XtwI-IxrbARFhGmKTY2xedAd7YD8z0Cp/view?usp=sharing"
1⤵
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1XtwI-IxrbARFhGmKTY2xedAd7YD8z0Cp/view?usp=sharing
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1896 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c19a8277-e7bf-4ff3-969a-904a5c48b160} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" gpu
    3⤵
    PID:2024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d31ba5d-5157-49f8-aeb1-f694c1cc40ea} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" socket
    3⤵
    PID:4508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3300 -childID 1 -isForBrowser -prefsHandle 3308 -prefMapHandle 3248 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {000638a7-d950-4003-baf6-e4d8ffa04829} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" tab
    3⤵
    PID:2992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 2712 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3921ebe8-e0e2-41f3-9b74-83c09e27e1ba} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" tab
    3⤵
    PID:3296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4688 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4724 -prefMapHandle 4716 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {561cc4e8-a0db-48e6-95f6-be4a0497d30b} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" utility
    3⤵
    - Checks processor information in registry
    PID:3652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 3 -isForBrowser -prefsHandle 5540 -prefMapHandle 5548 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40b2adb7-1092-42e7-8350-c4cdcf280691} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" tab
    3⤵
    PID:2396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -childID 4 -isForBrowser -prefsHandle 5684 -prefMapHandle 5688 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4561aa0f-e35c-4ebc-820c-022671852e1a} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" tab
    3⤵
    PID:2324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -childID 5 -isForBrowser -prefsHandle 5860 -prefMapHandle 5864 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ad866b5-7176-4a18-a2a7-ea4a2a926da2} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" tab
    3⤵
    PID:3408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6232 -childID 6 -isForBrowser -prefsHandle 6160 -prefMapHandle 6164 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d771eb0a-bd3d-458e-ab72-4d8c2a647301} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" tab
    3⤵
    PID:1200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3040 -childID 7 -isForBrowser -prefsHandle 4540 -prefMapHandle 2868 -prefsLen 30547 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7db6efb-2e23-4f75-98a0-37cb59661207} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" tab
    3⤵
    PID:1288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6888 -childID 8 -isForBrowser -prefsHandle 6896 -prefMapHandle 6904 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58ba2016-10ef-46cf-a206-58e6022ba395} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" tab
    3⤵
    PID:5076

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4716

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
ad79d72cdfa2247063a38a5c0411f22c

SHA1
eaa46a6d202fc7db67fe5c152d5e722eaac1bf3e

SHA256
ab4fcf0fb726fa4a62151b6aba7bf3acc54f5d7942a074afb9d2856de0f5cfe3

SHA512
43172f1a400bfe71a3ecf4a6b63bb941a9f9935f1b59febdda4d83ea4b45a62a4e63b3be6a7e32a916c87bdd16090ec201e7ffc0ddb7f6e6ef70e29c4d9a36a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\2DAFED1FFA4D7E6A0CA81A21A9783F5E75F52F0A

Filesize
61KB

MD5
6d1ba9c84e4f68cb15aff6bcc7040d2e

SHA1
cab8b00b932a76e710c3ab72a24759e94134e821

SHA256
b4041f1bb0d5e998f7880c25c5666c51b1ecec2fcc269d472af2a647a9c7a8e7

SHA512
7c34d91170a213be3ee3632d272e34e2fe10ede973df088d8dd93664bbf7772c2c02dadadf3fc1fb6dbfce5f54875c61a29286dde47b3f86d21a86a22cdac20a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
16KB

MD5
7294d35b7ba6452eeaa896ce2a5e8c6c

SHA1
cc9677c789e0461b4222ea77b50f0789c02d0c9c

SHA256
49d9444328b8135f066a2d8d8bb32efc53e7fc93843c363c400990f7696fe2ce

SHA512
9870c40c7c0bfbd19fb0653c4358694a5479aa959de8337d7db87a80326df3c2a432308b31e4f58856dbc7297317ededd9d44a0e562ef0b2a15ef5ac05e7c312

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
8e3c18ef04833c832228ca0944c7ac9e

SHA1
a78302be7beaee9899e6679eea2f8cb87c27d57d

SHA256
3cf9708ed37f60f07c80b653f1d765e9396a30f4c6f8548a1e253b4a5ae087b0

SHA512
b6717b5bc2446c09f9fe3235145d46128eb7343cc580e4b9e62b6b4f5b6f511d1677ece9dcacb8af276a7b721a58a2b7cba92f913e3df464f6933d95cd6b3de1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin

Filesize
6KB

MD5
ef10c8de34406589a2efed35c06faf23

SHA1
e61feb30da7528835dd912a14f6ff7bd84fe2aab

SHA256
b19029007f6a47097c40c9640942929530dcf408bffd380fd3a7d731ba109b7b

SHA512
ed3d906df8155cc505beb4e71bcc10a4435f6cd5c81b9fd9e029dd6a6f568dcf9ca572e9d8980f963402010e1bd068f68d2316042764f522eb4a11911166415e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin

Filesize
10KB

MD5
40070a5439c2abbbdfaf20d60961c34b

SHA1
75d88c9840a2663ecbb03552529a59471852c814

SHA256
e158aa511067af0aa7294e0859fa19f300fdd6b96c6d8bcbdbac370733c69b5c

SHA512
6ddd13b6835696876070120f17a85be2de234e7e0ee5acab40b58884a41a8e541be71fd5951c78f020dccc3015df3c05171dc316c88f6f3d59fcadc2f7451eae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin

Filesize
28KB

MD5
f19292e554f7784838fe77a6e5bbf1b9

SHA1
ce9f194f5b7c23d7bd95ec09d5d6a6cc4cf7d8c8

SHA256
5b64d8602154a55f0774ff82f335d55d2b9d4effa9d36ded74b60b99376ce377

SHA512
c6e746ec116b0479093fbf1bcc279b0b6de106955d8c7578689978a2e04f3e635e85579f96713f5b113d6c2e49987d2dcbbf234dfc88ca6cf017624a106b5dce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e6ac0d3551b01e8440d32037fb32c84f

SHA1
746c2c7bd4382eae808eefe3c6099e9af1e3ba5e

SHA256
1e75990bfb6ac37118cbf81c9834055d88e3bded302d5508d6d90d6b9c8e3cf0

SHA512
0ae9a1e28c0d1a343888e672ba5ef4d57b53cb05462f92cbab78b441446a67b2b1a826f23d17491c1e097660e0d6eb0a3f71d6550880e667cadc092799625beb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
8f7b6ee6517889e18f56d79b8db72868

SHA1
b82e51d090fb6fa688fa215beff8dc33a1b52147

SHA256
2b537570155f233f01a85f6c52354d4b22905d05cc65c9e3c6d32f4b79d2a155

SHA512
1de091b2c35d44093317dc623eec280e2e1763cb3bb26801c35ee702069427107794a86816481a4ed71975937e6c4bd748845313b7efddb00ce57c62b90d7660

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
1f2e28a1e52165cc576adc1207f18452

SHA1
6917955dc294a835e20624f53897f10503fdc5a8

SHA256
3960d0cf343e33260f3b5a28f0b11ccee83a15e6dd328b87e462be79ca660d74

SHA512
54b4d5543d3208cfc38a2232dbeb5fb4bc0cfd6ee79762ae05270af95c5e603fe454c5601e181d57ff08ecfafb81074c8f9045609e4c613105750e4b00bc6b78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
beb14f95acea011b68be28ce767dd584

SHA1
b0f75c410a1bef101fd22a72ecedcd54cd6ad70c

SHA256
cf9c7bf4cc0083140a3d8fdea28f05beb18948b1522b6f18f78d144a77b2a035

SHA512
e1172c0a7624c34affa56ccb0199bc5723f0b987001c3fc276ac2f73a84fa54660efb9009407f20c43d77f25201d1c72d873c1b6c91be53ef4cafcc83bf3f2a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
ac8715845741d93f58532bfd5e8b3933

SHA1
b2a40968754e2837c82273ab681a70b171aa3d4c

SHA256
8f73ee94462f80f6680e4d4db09d8976c1755491ffdfdf0f95965662f41a1433

SHA512
fec7be54d3a17fa778b2d0ef79204b510ae0c4219cafd29f2065be76a1c0a670b19887899dab72102d69e54dd5113e43e0052047e446bd2adb8b9c1e3d9cf257

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\2a90a0a6-aed3-458f-a9b1-df7f633b2d47

Filesize
25KB

MD5
ec11a73495778ab7b3055a968828fa65

SHA1
309f4ec6cce7298ac241818c79f2330459e21f4e

SHA256
ca54ecabd896dc3841e267a08bd14bb08629047ef527890e922b3a75b1db7b6a

SHA512
b1e607d8c7098b344cc9f0de1b0585aa38fbd87f8312a1d7b7f6fa7518bf5c063803b9392c0c3bcbd66f36c68dc1b7cbaf8afc9f9e9fec5621ea99b9483fcf0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\6c14e7a2-2bbc-4ab6-8bde-49b5b0e224e1

Filesize
846B

MD5
84e88137698dc7699295ac13485eab9c

SHA1
a39b8004fd04aa7327302a392288fadc12035e1a

SHA256
87142f551ed47c87f4be3c9d92696bd894873b38b3ba12db20381f0ebb4e5e3e

SHA512
ae2dde106e8904cfcfe9066a3297e98fb448d60b859c8fba57ee61fa127502845bedd7bea5c094cfcc4e74d6c87970849eb664df904ab3e09cbb72eafabe1c47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\7d3c77d4-760d-496a-9e9a-281851a0579f

Filesize
671B

MD5
6a7f5ce9a1407500874e5a3893512cb1

SHA1
299ed01fe4f33ec39539833cb3ea927565a22e89

SHA256
4183a98f64186000f9bb712be4ac74e033eb5bd6e2f94869365a571e44b34d64

SHA512
93f071f57ebbae1bfc9fac4aeb07703972ec9f28785ed81b7f972c47e14bfebeaa2836ba6de835d613a5c5a283e28aeadbdc266af1a8523ded38e4ef54135190

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\9cf86d89-77db-4a8b-874f-8f7412033df5

Filesize
982B

MD5
9b163a1efe889d0856eb7289434d5a33

SHA1
baa2aff3c8de654a33133f778b75e28f96c1286e

SHA256
6c3e2f730136d80a2a94b8d2460611e44d670d31967a1df2896d4b7f5aa1e821

SHA512
39dfe709a69f9d4256f595b174c0c87d1f60f28b9b152801690e1524783c2acd0bbc0e814d6b7f5fb64d4d06fa8688708530ea5cd83fbc0628fec71a22fd38ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\e54d0720-cc24-489f-afd7-ee581d341ede

Filesize
2KB

MD5
3f0820ec7e9833ba850b7ddedcc9045b

SHA1
da870bca939a2daf35bd2d5188d1d9ccfaf6a6ed

SHA256
513fec828ae190910e8a131f8a3b6906e0b68f30f5082105d3219b22e18eca61

SHA512
8a148bb4ddda2a14f8ab71ea888a02ab0d926ef2d74a5253818e7913ebc434c312f4340ae000367e20c138f1c3cda83c78b5c474595344a66cc09672608b4127

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs-1.js

Filesize
11KB

MD5
cf644536248af4519845539c4720c44c

SHA1
0265c3648d246b2f9f1de7c0e9ce609aa2222a92

SHA256
6f89d73fa4ebffffe5638042c677451ead664c73207986229642ef77a80b3dce

SHA512
2b33d730b2dd1dbdf69398fcdda1f980901c1665ad9d07ed25a7e5ab453fbd991b024ca688fa369543f9ff683e7fc26dc6f107404526bc4112f98b7b5d7ca9dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs-1.js

Filesize
11KB

MD5
4a70d1731dfb10925f1f2d601cc901f9

SHA1
63ec94c28f392488431bf4fff286d5249b6db7c5

SHA256
7ce8d18defa443af491dafc0d569767a14f93d61947eb479b5daaa6fe8cb3d94

SHA512
39f60494ba5f5409849b072d0218dd72976945b07f832b57faf3035b7f93985766f6b3e3ce77ac94c92fdcb2fb4c25314518bc8b501a2882ed470a7f67bad8b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs.js

Filesize
10KB

MD5
bffedfb69f388c714dbeed9fd5e73564

SHA1
a0f23d48273d75b278b762a65b6833d2d2e82a20

SHA256
68c63b65a4ae4c1dd95c44dcd102af91e4206378c63a1a45492fdd38d65448ce

SHA512
bc5807ba269375ac7b72fa14a24ee881920c3559bd522f12b86666c8c43da497cdd7cf4d3c8b136821d7c707f10f8e6c3dadf370e88dcab460031c165674a21b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs.js

Filesize
10KB

MD5
ce78d4b43cc3553844ab476f72bf87d6

SHA1
07f768658f0d5a8b8c5ebf0a2ca3c1a233c2aec8

SHA256
277ec3e7465440dd1aa1dee77b669a18718ccc7ec56e4000dcddb00594ae28ed

SHA512
c1208e4d77e598a46e35c77e4951400158ca789fcb3d9ab0b378154cc576f034c9132385a3eb53f8ec186fc6e1443c5f26fd3fa8809baf90e99d00deeeca176b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs.js

Filesize
11KB

MD5
58eaa77896029f3e2754e357ce7c6ba9

SHA1
9a2b8ab61156ef98a19405494afbc70c947a3b51

SHA256
19f7ed4b832b57e5a1b85390cc20c5aadeeda8f98cae1fea5fc2f3fdc3312ce7

SHA512
4728fbda4e9905b015916a52d5121c6f016c1efcc4e1570ce28438ff1a433682aafe8db780e0475cd90c44d3e9ee8df4d1f6a1fd7f9b7c27285089219ab0df59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
f78c35dc5caee02806136c94425a2ab9

SHA1
5c0cce940e9b724902476f53123df02c9b8f095b

SHA256
0a32252961dd39159528c9e1bbc0260e675a75ce77339e75a36f6ae8cda43d65

SHA512
9963ecd7a4bb61cb83c586491bf30a39afe4cf24e0779ac3b7bdb12f9d0cd15cac196636dc9e79f6f7aa9ae9257f866959bbce91a8d0cc586d62c2f751314204

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
1307cfcbb1c14992bda63a74618c908e

SHA1
ac7c61af2279f9ade941bf727471958e2dd20a88

SHA256
337132474f13630f8a9a64122b7c633a40867cf9746ba62ee089c5818c6a079a

SHA512
6cd2b3aad52951f0739884c8c1269c29375039389dbff7fb7ba951ae09cca3d8a8c961363b7461ab09f5c9dc71ed835c7a0a5ee3a49b293ad91a283c5a2c1dcb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
ef146059dd96772d471e2ae62503b782

SHA1
302fb2e7b1df323f19c0632fdb3e5c94a689fb44

SHA256
5c45333932f55e3bc1a026b565d6c7fe11f5ba0c60d95e4361c644baaaaaf056

SHA512
00593d8af833f29f8324da1400f7e4f7d0fcec859457c5e3c2ab0943c46301ab39c76b44fa94e04a2771d5d27b44af9ae6ebadf44f0ffc537f124d4201c92667

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
d18d7f27fb2ced12da8dab894ed611c7

SHA1
348daf7f1e31354a95f158096a7a4ef0fa3bf94b

SHA256
e87bbba5cfe5853a9e4eee73797d629e3449b7a75f09a60ad7e0edd86a9a2a03

SHA512
b91f599d42015ea3cf03666bd092823e6692c27f0a3ce0090b653585d3865ec581dbd84af76a151333ec1f27323a6091dffc3bb1b2e5a35713d2f71f008d99b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
75f254c27b95c58257a1212d382f95dc

SHA1
0e35d7cdd800e9ce1c7f4c9203dfb1af86246e5d

SHA256
65f154fc27e9ebfd1d2521a802643601e60c4967b9592e7e079481fbd78af5fd

SHA512
b695049cf10708d06e783ad4b856da068ec010558f65bfc2b15c2473f5c269166fdfaba47e3e28cc880d136311d4415dd3bacc41ab646f6f3813270ae8e4d8d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
f4367a71ca44bff39625e81b049c692a

SHA1
9a344a66de4b59757e6551035beb0346b1af3d02

SHA256
ed639b7d050093e3c30fb2ca64c579448ed367e4012734056e60c0e1873441dd

SHA512
a19b041dc19fd5206591329952932ce18b063e3f78edcee3415b760e3e58a5bed11592fc8cf046867ee2007011abec309b6506f66370cdfacf84f8c75b7f298a

Download Submit