hxxp://drive[.]google[.]com/file/d/1wtS_YySZ9tbGhCVNy6epDgF5fSfFfvrV/view?usp=sharing

Analysis

max time kernel
891s
max time network
888s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2025 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://drive.google.com/file/d/1wtS_YySZ9tbGhCVNy6epDgF5fSfFfvrV/view?usp=sharing

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
30	drive.google.com
51	drive.google.com
7	drive.google.com
18	drive.google.com

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\AnotherAxoim-A2.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	1120	firefox.exe
Token: SeDebugPrivilege	1120	firefox.exe
Token: SeDebugPrivilege	1120	firefox.exe
Token: SeDebugPrivilege	1120	firefox.exe
Token: SeDebugPrivilege	1120	firefox.exe
Token: SeDebugPrivilege	1120	firefox.exe
Token: SeDebugPrivilege	1120	firefox.exe
Token: SeDebugPrivilege	1120	firefox.exe
Token: SeDebugPrivilege	1120	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 1120	4260	firefox.exe	82
PID 4260 wrote to memory of 1120	4260	firefox.exe	82
PID 4260 wrote to memory of 1120	4260	firefox.exe	82
PID 4260 wrote to memory of 1120	4260	firefox.exe	82
PID 4260 wrote to memory of 1120	4260	firefox.exe	82
PID 4260 wrote to memory of 1120	4260	firefox.exe	82
PID 4260 wrote to memory of 1120	4260	firefox.exe	82
PID 4260 wrote to memory of 1120	4260	firefox.exe	82
PID 4260 wrote to memory of 1120	4260	firefox.exe	82
PID 4260 wrote to memory of 1120	4260	firefox.exe	82
PID 4260 wrote to memory of 1120	4260	firefox.exe	82
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 3040	1120	firefox.exe	83
PID 1120 wrote to memory of 2752	1120	firefox.exe	84
PID 1120 wrote to memory of 2752	1120	firefox.exe	84
PID 1120 wrote to memory of 2752	1120	firefox.exe	84
PID 1120 wrote to memory of 2752	1120	firefox.exe	84
PID 1120 wrote to memory of 2752	1120	firefox.exe	84
PID 1120 wrote to memory of 2752	1120	firefox.exe	84
PID 1120 wrote to memory of 2752	1120	firefox.exe	84
PID 1120 wrote to memory of 2752	1120	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://drive.google.com/file/d/1wtS_YySZ9tbGhCVNy6epDgF5fSfFfvrV/view?usp=sharing"
1⤵
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://drive.google.com/file/d/1wtS_YySZ9tbGhCVNy6epDgF5fSfFfvrV/view?usp=sharing
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa723cd3-e777-4bf4-a87a-3e57dc74e513} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" gpu
    3⤵
    PID:3040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2428 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14d379ed-4763-41f5-92ee-7e9c32c385b7} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" socket
    3⤵
    PID:2752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3260 -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 3388 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ec1e81b-84c9-4ded-b43e-9b2969072823} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" tab
    3⤵
    PID:1456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3760 -childID 2 -isForBrowser -prefsHandle 3420 -prefMapHandle 3324 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd72834e-c2f6-416e-a680-171e618f9196} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" tab
    3⤵
    PID:2392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4792 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4852 -prefMapHandle 4848 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d7ffff8-5478-407c-bbad-a7699c90fb28} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" utility
    3⤵
    - Checks processor information in registry
    PID:2400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4852 -childID 3 -isForBrowser -prefsHandle 5360 -prefMapHandle 4356 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04f89317-aa02-4c76-8ff6-488f4c8b85dd} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" tab
    3⤵
    PID:548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 4 -isForBrowser -prefsHandle 5468 -prefMapHandle 5464 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f04f56c-b755-4ca0-922d-55fe9ba803b9} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" tab
    3⤵
    PID:3668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5732 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e2a9d7f-797b-42bc-b333-4aca0c15862f} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" tab
    3⤵
    PID:5064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3440 -childID 6 -isForBrowser -prefsHandle 3404 -prefMapHandle 3352 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1827de3-763d-430d-b03b-d41bf443cca2} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" tab
    3⤵
    PID:940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6104 -childID 7 -isForBrowser -prefsHandle 6100 -prefMapHandle 6096 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06c63c8e-e9e2-4600-8d60-cd3f505c91e8} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" tab
    3⤵
    PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json

Filesize
25KB

MD5
2146e7c99e8082f5847b366a14cc75e3

SHA1
d792e84751601de5defc028d7e70a094b3014de4

SHA256
239deea93ec72de30cc63e88284e2ba7249cbc4c0e9c2c3b873b93274c63b3cf

SHA512
7787b6b32eeaaf7a70cdbd6f39e4cdf95b6b5c700c522caebc3c7a1816a40e65ab5c5771f897240936f45dee3b2a55be4250b1e546e4de22c48c1794175510d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3LUHYB0C2G3QGWVVAUGJ.temp

Filesize
16KB

MD5
cbc36bdcf9cdb227ee9c976aa1f1a567

SHA1
d913164012ac24d09e97ef2c2c68bf10b42f4bb2

SHA256
7a49e3d70acca6851b04b6a3ababe57ce29a634985d1c5ce9984a9fceb020072

SHA512
f966a1da55e493152ac63e5e179123f2f59020fc37e7665acae86f71079585961f4d73e54b3c77a33d86959d086803b38b9832de71712d140e77f3e978660557

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
6KB

MD5
99a261f0b3afa79e71c264c92b3b72a6

SHA1
cbaa948130a8b9a76884d76c79a3f2dfcaba1a93

SHA256
fdcadb92bc425712b1a5f66570861ed32f8302e77361adbedd0c7456838bffce

SHA512
41c5fb3ebc1f00191d99abaff21bce2d62302c0d28296791be25876e4c1c6ce2b4de74a22e4cf980536c356da28d9df39f55c04d9f508890d036ac760cdf9281

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
10KB

MD5
4a2d662998a8519f6985053c6780a7b2

SHA1
7562b26ad61a293c4f735897cae2663149b387ac

SHA256
7e25b0d7de34c43f94cad9ba7f7ef5c2551a55bf1b348779b6b8a560fa787aee

SHA512
5afcc3c47d6b2f765b2e44f2fc443dfbba4ad55ff95c8cd0c7ec2605a42a4d77b9d05f9c2c52cfc98b0cf08282a125b862749481ef46cc86dd0a752682cb39ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
27KB

MD5
f521e0c45f4babe3e4492e83c87264dc

SHA1
4b51cd0249ad62b597c9ffa0d43f85b31e3df1b7

SHA256
17684e56b62b52f0c1ba3160f927c43932530a47b8a0d1b7830cf806da4ffc97

SHA512
ec7450d204a714d010d05660618b91536067b2067c273e22df15585505073c6167fb9f4d983acfe535741322ff0734ef8a62d8911771992f5a00f30bf4baca3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\bookmarkbackups\bookmarks-2025-01-02_11_Ki-IDsVWGcvA2qt2H+hW8g==.jsonlz4

Filesize
1008B

MD5
c9c35a888452e9aaafe7c8dd2f8da661

SHA1
35d92692f9fac18ecdb052b94d06e399b44078f0

SHA256
038552933fb4613a745782c6d5fbf7ca6645e81a532fea0d69205a81d2532d32

SHA512
d310c4c15440af018479d9a85d57c974908ab7a37ad509f2bc1e99254425343d6e1e980cd636cf8423011bf997f867dd315fe6027b7c330353af09390888ecf9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
94dc50e4516d3d2360ecc53c427127fa

SHA1
6a0c047be3fb7437604a548f17b0fbb56060b481

SHA256
9d82ad70bbe052aea2f15ea8de8dfe8dd74b5c0fa950f0331e28de8b6da3ea02

SHA512
8598b7601ecb96453b36b06f95ff26eb066f4842555e462eaabef3ae8d879f74eed0c52ea03f40c4f8a82581ca29ba1fa2987f6d41157dbd9d8c5f434cde67ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
37KB

MD5
c70974a5bb9c694605cbc23ad652dbfa

SHA1
59262b4fd91f6495a44ce119fb9ee75a756b8192

SHA256
661b4413eb7389648ed37be66681c2e7305be358363aa212c7f880113f5ad245

SHA512
f7c7832a3b62019ee04b8095b69a6a671fa4c68665f49e50d95855db095fa78875091fc8e4aaa40422d500384e5cf3330d4b289975a4a97af084b6a1572b77c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
21a984b27fb8c9f23960c5afa8e9aecd

SHA1
8cc24b9ac3b4e4cf472b9b286199076aaca23422

SHA256
e8703396a18756676b7bcde0a9d6a0b51474f1a8cc906cc2f109e247f988d7ca

SHA512
a3b897a7882060bf5c42e8162c67d01890f2133b42a5e8a7d0d6c44e98a1cce84d8d4f5f81fd89cc5a62d628c9dccfd01936c291554e6996544fe06bd2cd2564

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\4ed6ab10-94bc-412d-aa66-25c0a59e9022

Filesize
26KB

MD5
0fb319f6aea2cd6491ae60a765e78531

SHA1
3e0424b9dc8b40de69f125c4d49aa8fa14347458

SHA256
e9b0ff17b1a9e406ee5bcc67df6806ea414fa6f36e5a0789f943b38bea912343

SHA512
3111061cb372f3a678e7fad506eaed585c594b2f01ce67451bf8a9de023e05e61e4c5dbacd3d0c5b9145d32f17f9889f5ced8db1cf3d0dca349c3ef6b5565327

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\65566ed3-2baf-42b9-8c6b-ea2238d9925d

Filesize
982B

MD5
e15ae23bcc3f2faf99e2f09f7338ec4d

SHA1
fd075f3da77573be5be79a02d94e1748cb9f4aea

SHA256
5662a8ce6232cd37d863fed3d11e3428c296f4ace06b8460b01bc392f21405b1

SHA512
a190edd356a1aa5f34e93a2b3f74932f18c7d98ec4b5a29612e4f0ca11c323118a5f897319565434d7c4b6886b3e7b4d12c0a4614ab7b94ea50efee1ef021f77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\938fea14-6368-42e1-84eb-01ef5eda4dbc

Filesize
671B

MD5
e29effb6c62772c82d1cacb0952fad28

SHA1
fe712a3afbec8d5c29baea1dacd55af14470ea90

SHA256
36194a7df6e22a0ad4d81601e79be7e4271b879b56c89b640a0c8076dfb2c304

SHA512
ce2ed30542c2cf797ce7c71c6fc5323e24c2921238a25533af0b6d7dde07d0a0eb73ab02f7fefe8d38aa14624ae77426354c1a508b1e440e013ee030bb0f6e84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
12KB

MD5
24103cc073f917c6b56734e4cef7c2c4

SHA1
63fed846f90bb9eabdea88f49996741ad3d232c5

SHA256
97da3588d85e6df2d4ed9c03ae9dd2b90bbe9ff70ebb35ea9266e1ea44847a12

SHA512
c3118b42269f38b4412c3bac2975d0048fa702ea5cd54be54465011f6bd91a1b61a5402fc7efd416cf284cb6bea540a5012706c0a068d1cee3b7f03c4877df94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
10KB

MD5
f42698b032d8e534cd9cd0c2a686491b

SHA1
89c55c45119423f1a140966330250e0eea52f0c5

SHA256
31347115307ce1023cca609e4daf3a5dd417063dd2e3d2b8f37106e4fc8d80fc

SHA512
0e7d99e9f70288a5d30647547ce6fa0cb44d20fdcb0330c6e09706b2f02a93567ddd66bfa6ddd6098faf5e1819de58243024f6188f644fa1d3eb6eb235706adc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

Filesize
10KB

MD5
2666ae2e27def3017fa73fe0c8b26ffc

SHA1
bdfbf3299949a18f1a28125a5145aa0b55e2496b

SHA256
131ff993b0bca53d555846a64583fa4dbcfce73e6b6bf39c4d91206add8d0388

SHA512
1bb68070715158193c8bbd9e4856b8e5e171a3b5eb845d53077428617949d6ddd2aed7d7a878f90c0bb0e7153b67338ad13c783f5c8742cfd549de3ed6c81588

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
94529b6fd416008264980614048b16f3

SHA1
1536cc680f003093b1d19202f982a5ea5283c93e

SHA256
7ba5558c9d5b962a86f12917134d0bf7e47780e9e7926e822af4de4cce6d8505

SHA512
e1ed0ea6c6f4f360799eacc6346bab30e1ad0769e758cc1e52e13d8f0556286afc4f095914715dfeac4a026b55cd6064fc1e193af4012b6ed8a70bc37179b774

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
8e56518eebead68ce1d490adefff2d92

SHA1
2337246282f6a26aac01ad06382355bad170f0da

SHA256
7e8a934e6a25919ad923661151d7b4f91bbeb3c6859e3ee63b40ad2b9566e658

SHA512
d8da5eb3c2ae02e67fb6be3e9c4abd951dc97fdbf86d0874b5ed29e7db3cb2326db5b93f54f626065030aa32616d33a657ff1c0351d6e1d6cd850c4299cf9864

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
fbb943e11d5903218b2e604a17a6763f

SHA1
27a4d0f003fcada9569db43d92b8b22c1da41c63

SHA256
202a095441e1f90031e8196dc10cf4cdbb2e10c202474a484f45a1a4fdfbb082

SHA512
46198d03a225bcff7a5a9a9d7ee0024d833e4acca56a5a04ee12201ab61cbbbe9859d900042d62fd40e95e8c401f9fb6b9528fc68e214ca6384d0c423e25ca6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
84d33938f7e39ac4a67ef782dad8ea3a

SHA1
dc3fe6dea9465933c29f8f3b532ac715d6afa012

SHA256
79093a2e23838bab79bd72bdaa4b6472001ff9348e8cadf6ac12ffbffca9a8d3

SHA512
804d1950822639356cc32781cb4fe92ac2b112a0486fb0760c1b7b97e4703fed15e1a86c6342c64961edbcabb77ec9f208d552a8e38bc77b6e5b6b6b4f6bcfe1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
5abda118ba746489590803f2776b2969

SHA1
df4af9aff3943eb4844719738b08dae49052fc49

SHA256
a80d25e49f71d0305c6d45f772dfd7417df553f180b14084424361dd631d69f2

SHA512
c28f37fed61bdaa795b85dcd60ec1994ebd9083814ac82dc79b4f41502b3992cc08c115ebe30741375694b31c09a48d401874754769e4c1a1c189c8c277bf64c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
560KB

MD5
7eff7f996a440d05857c629b5d004ab4

SHA1
14a9bef9711c59b7d49fab2edecd5f5a6cb17687

SHA256
8ea0158d55f9d38ff19bbd051fa65ac5e63ae1e5354e6fcd8c5a23f0c420083b

SHA512
755ea7e5c3b86ee286894bbb39e9c0844c638cea614f6b2fd511345b3a5fefbb470e5877e68b9e4c567b2747b8831222a4cce13081f114cc6118960ca0b1f979

Download Submit