Analysis
-
max time kernel
1144s -
max time network
1145s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
27-11-2024 02:18
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://drive.google.com/drive/folders/1aSY9BvTMzS9L8cXsGi-1wvR4BI5R6D5A
Resource
win10v2004-20241007-en
General
-
Target
https://drive.google.com/drive/folders/1aSY9BvTMzS9L8cXsGi-1wvR4BI5R6D5A
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
flow | ioc
26 | drive.google.com
7 | drive.google.com
14 | drive.google.com
15 | drive.google.com
19 | drive.google.com
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
-
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings | firefox.exe
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1220 | firefox.exe
-
Suspicious use of FindShellTrayWindow 21 IoCs
pid | Process
1220 | firefox.exe
-
Suspicious use of SendNotifyMessage 20 IoCs
pid | Process
1220 | firefox.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1220 firefox.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 1740 wrote to memory of 1220 | 1740 | firefox.exe | 82
PID 1220 wrote to memory of 4392 | 1220 | firefox.exe | 83
PID 1220 wrote to memory of 1044 | 1220 | firefox.exe | 84
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/drive/folders/1aSY9BvTMzS9L8cXsGi-1wvR4BI5R6D5A"1⤵
- Suspicious use of WriteProcessMemory
PID:1740 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/drive/folders/1aSY9BvTMzS9L8cXsGi-1wvR4BI5R6D5A2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1220 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7335ca0f-6aba-43d5-bfaf-e9b4711ea031} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" gpu3⤵PID:4392
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05bd6546-6235-4ce0-9d8a-119e4d652248} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" socket3⤵PID:1044
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2952 -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 2964 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {943b2e1b-dbba-4332-be71-d60270747958} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" tab3⤵PID:1332
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4016 -childID 2 -isForBrowser -prefsHandle 4000 -prefMapHandle 3984 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {221afe59-8c0f-4847-9457-9c6663a7e76a} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" tab3⤵PID:5068
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1588 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4692 -prefMapHandle 4712 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f658552c-730d-402d-b7a1-db0700c49bf7} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" utility3⤵
- Checks processor information in registry
PID:2688
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 3 -isForBrowser -prefsHandle 5352 -prefMapHandle 5324 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a7a3a20-98c5-4a4f-a745-7ecd2a930822} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" tab3⤵PID:932
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -childID 4 -isForBrowser -prefsHandle 5508 -prefMapHandle 5584 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e25ed0d-1404-4bb3-a4f9-6ee4bdc20879} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" tab3⤵PID:1900
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5784 -childID 5 -isForBrowser -prefsHandle 5704 -prefMapHandle 5708 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa196db7-ffb0-4e7d-8ab0-ab9f692888c1} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" tab3⤵PID:872
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads