hxxps://drive[.]google[.]com/file/d/1SfUOFhgnmlzfFfFhQPq4HsFRPHoQZNCT/view?usp=drive_link

Analysis

max time kernel
143s
max time network
150s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
02-01-2025 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1SfUOFhgnmlzfFfFhQPq4HsFRPHoQZNCT/view?usp=drive_link

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
10	drive.google.com
11	drive.google.com
13	drive.google.com
22	drive.google.com
5	drive.google.com

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3524	firefox.exe
Token: SeDebugPrivilege	3524	firefox.exe
Token: SeDebugPrivilege	3524	firefox.exe
Token: SeDebugPrivilege	3524	firefox.exe
Token: SeDebugPrivilege	3524	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 3524	656	firefox.exe	83
PID 656 wrote to memory of 3524	656	firefox.exe	83
PID 656 wrote to memory of 3524	656	firefox.exe	83
PID 656 wrote to memory of 3524	656	firefox.exe	83
PID 656 wrote to memory of 3524	656	firefox.exe	83
PID 656 wrote to memory of 3524	656	firefox.exe	83
PID 656 wrote to memory of 3524	656	firefox.exe	83
PID 656 wrote to memory of 3524	656	firefox.exe	83
PID 656 wrote to memory of 3524	656	firefox.exe	83
PID 656 wrote to memory of 3524	656	firefox.exe	83
PID 656 wrote to memory of 3524	656	firefox.exe	83
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1004	3524	firefox.exe	84
PID 3524 wrote to memory of 1928	3524	firefox.exe	85
PID 3524 wrote to memory of 1928	3524	firefox.exe	85
PID 3524 wrote to memory of 1928	3524	firefox.exe	85
PID 3524 wrote to memory of 1928	3524	firefox.exe	85
PID 3524 wrote to memory of 1928	3524	firefox.exe	85
PID 3524 wrote to memory of 1928	3524	firefox.exe	85
PID 3524 wrote to memory of 1928	3524	firefox.exe	85
PID 3524 wrote to memory of 1928	3524	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1SfUOFhgnmlzfFfFhQPq4HsFRPHoQZNCT/view?usp=drive_link"
1⤵
- Suspicious use of WriteProcessMemory
PID:656
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1SfUOFhgnmlzfFfFhQPq4HsFRPHoQZNCT/view?usp=drive_link
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {226709f6-ecb1-4508-82e5-c967f40b9f30} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" gpu
    3⤵
    PID:1004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2456 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24759 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b8d7ebd-8ca1-4998-8cc1-3227a4886608} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" socket
    3⤵
    PID:1928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2860 -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 1636 -prefsLen 22700 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ace24beb-41d8-47d3-a78d-96a2d1682b1b} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:2712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3984 -childID 2 -isForBrowser -prefsHandle 3976 -prefMapHandle 3972 -prefsLen 29249 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a088533f-3e8f-4c32-a318-a9d286e95f4d} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:1308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4840 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4836 -prefMapHandle 4820 -prefsLen 29249 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b56bef7-9bab-4665-beb0-4aa0873fdfdf} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" utility
    3⤵
    - Checks processor information in registry
    PID:3556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5336 -prefMapHandle 5332 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98507e15-4b26-4620-824a-56e4e3adf697} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:1588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5528 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec019830-13d6-4e0e-9bcf-bdcda6d32f00} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:4340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5484 -childID 5 -isForBrowser -prefsHandle 5732 -prefMapHandle 5740 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {383d0bbb-9a08-45b3-860d-b6bb97ebf3d2} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:2104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6140 -childID 6 -isForBrowser -prefsHandle 6100 -prefMapHandle 6088 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bec8b21a-fe2f-49ec-b35e-e9013ed3d96d} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:2560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5160 -parentBuildID 20240401114208 -prefsHandle 5168 -prefMapHandle 4276 -prefsLen 38349 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {413dd362-3d35-400c-a77b-5c8d2e18b506} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" rdd
    3⤵
    PID:3500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5968 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 3576 -prefMapHandle 5156 -prefsLen 38349 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a576f0d9-7758-4c90-8c9e-571c137ade33} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" utility
    3⤵
    - Checks processor information in registry
    PID:3488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6532 -childID 7 -isForBrowser -prefsHandle 6524 -prefMapHandle 6520 -prefsLen 31107 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b3ab0af-dd7b-4347-a36a-0d83a52f6773} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:4884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6676 -childID 8 -isForBrowser -prefsHandle 6756 -prefMapHandle 6752 -prefsLen 31107 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0a38271-d22c-48fb-8e96-691588ad9be3} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:1468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1904 -childID 9 -isForBrowser -prefsHandle 6700 -prefMapHandle 7048 -prefsLen 31107 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e94f506-5dd7-4aad-87f9-e9d704102822} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:5156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6904 -childID 10 -isForBrowser -prefsHandle 6896 -prefMapHandle 6892 -prefsLen 31107 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {390f42a0-66a4-4fd9-8d29-4df18e73a12e} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:5164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7528 -childID 11 -isForBrowser -prefsHandle 4604 -prefMapHandle 6376 -prefsLen 38428 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baae6e29-ae02-48eb-9653-60678628135c} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:5756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7704 -childID 12 -isForBrowser -prefsHandle 7696 -prefMapHandle 7688 -prefsLen 31186 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d017e62b-22f0-43e6-94b4-82a4e727e36c} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:5368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7916 -childID 13 -isForBrowser -prefsHandle 7924 -prefMapHandle 7928 -prefsLen 31186 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6b61192-7457-45bb-80b0-18e8790ba3ca} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:3260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8052 -childID 14 -isForBrowser -prefsHandle 8060 -prefMapHandle 8064 -prefsLen 31186 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d4155c8-927c-45e7-bd51-b13fb7669e8d} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
    3⤵
    PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\doomed\24560

Filesize
56KB

MD5
b646d618d5f4287e5da504db97101851

SHA1
56bcf72825c1048d1105ae1b264458c326a8b764

SHA256
919d67e532ec7494cd32928a4ca4103aef951d7218013fa8260d7da555d1eedf

SHA512
d59866e5b8100686f7c135935af87df52cb56d70b7471906a637f6b5174ca74b24bafee6e28da45dca15fefa791b820d8c73060cbcc3c03eb551e26395344fb2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\051553A335BF3242DC5EF02590A97E60B57E19C2

Filesize
522KB

MD5
3b6f50d8616e07ff7b2c607b55d1186a

SHA1
4eac83c9f27b1c735a9c0bf5050133af3fface36

SHA256
49e4834cf66242e1d6c4ea2dfa37f524edf88665c0e77333d7afde4d8faa0a4a

SHA512
d9664fa07dc44bbd60e5d947f84a7bb5390c1219fb15a03dcc19480105fd5d94461faadc05bcb9db49241cbcddc2f41144e247d5ed0c4b08f351bd9708823887

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\11E0D0AB4E65C7C1DC30B75DE6004C2818D52CF2

Filesize
253KB

MD5
e19df3b1c614a523e717b2af66777d6b

SHA1
62a6de869486d05cbbb3e5a2b76d1c056778bd73

SHA256
dc257c23e857ff0f1d022b1beb0f83586ea4c84ec3d5cd54f022cdf169d4abb4

SHA512
4dc6786979e8e44d627da0bc10d6df403212ee5b430ea967ffba9ef9965fbcf1e03b34415a07459fe1167885055e7109460d79cfaf6eeafd06da2eff9b2f9460

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\4797CDF111A08D39310F926FB1647DA98DF5BAD9

Filesize
151KB

MD5
e8700b78beb0168a70615ecbd8f40f02

SHA1
aa0cc18f58b430a3af9fa7b9a0974275e1502651

SHA256
3668093a8a033380894b24118ded45afe386825509ffb2cd9db0a400f57a9267

SHA512
1e613560d8e16d07f211b138d6a41fe2d8055b61cc86619d87a98d66760b0a978dfaa8b349779c4bd9aa627b7455da7a5e711c90c532b914b54a49e3836a2e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\6653BC7BE242C21AA1988A4A42D1DEDA18231C31

Filesize
13KB

MD5
318c98e833e97f4ae10e1d540133ac3d

SHA1
4f2b8081a9ac9115e9614fda60d0fd057ce73f6d

SHA256
382fe6d3784b83ae435ae64f324c81903b3e4c05afa72f43d1ba1de983e418b4

SHA512
799d2511e8996cc809ab9de7bac5ac297821ffa769b8c512a2e270b71971d30a7aa92c8d1527e0dcf8c47543b18c1547f355dc2966e86ce7d416441b6dec09e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\jumpListCache\5BTyx82zh3UcvtrroLGHwmCEQNWK_Kx+Fv_iuraNJw4=.ico

Filesize
15KB

MD5
a3c1306e53848dce3a3c2fec6e1cdff2

SHA1
87f8463535c624202f9b6efe26e993b0b1f3157c

SHA256
d2d32f8573ccc7ad555d258c8362cfb0b699eb4b004f93dbeb171f3510df055f

SHA512
871e877c73990e372a7a41d9851e9dcf301efdc543696aa4dbc35b8a121e24b7fcdf76d426b5f90fa3a14253440697de01ffa0d82d417e5490560ce7d9740aa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\AlternateServices.bin

Filesize
10KB

MD5
45ff54e41108ec8d015df30c14b49a82

SHA1
cc226a9290678c79c5b4320f1e85325c58f365d0

SHA256
508ee6d72c380cbd37fa5377020aad35021acdf23cddac6a28a6b8e7c859be3d

SHA512
db993d363e32140e3ff6ee9e401a78ffd42107412dd3c4351294ab70d0f4bdced8b844c0140538e9e536bcb5e601a023ee0a07d56a02cb7d6db30f6a3e7984da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\AlternateServices.bin

Filesize
26KB

MD5
d9366bc7d3e41d60b64d7e9f09c0a374

SHA1
df4cd0b79eb1669a52b6363d077f238656cf5c38

SHA256
3cab0d51c578eacb81c06a6b0619dea18cc0b7c1b5fdd812d7835d806b22ccd8

SHA512
cded3872815f6026a02b076dd10c457671c32c04f1209292fe21fef487e9a33ee37d6ee2128d83f7c2d83f48cd3b508e6e6b3e01dabb0d9fe09e34dca307a64d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
16c786346d5914dd9240ecd419d80315

SHA1
9b2fb6e9333d2d2fed086d4740b98a7c7aa30352

SHA256
1f552e2d9a4eadcbaa8b618d1e3ab84875116af32c28a3748c1f7bf6bfc85f4e

SHA512
d53f0336c735fb205f09468e3ec3cdd75bc3644fdb40696a5e18ed69096e373e1a8f8c3c20db3d8582a8ddfdb125336d13e64da1947f5a8b2bfab76ff0934866

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
77f5d82f47a9deb2ef667f82971489c1

SHA1
f853c1fb9282b1ec978520e7ee48a4bbfe3a5b7d

SHA256
5d708a667f31ac6ea253a94fef18f6b37ac3a51110ccb278a3f34620f937b270

SHA512
6fd55da48e38a76e276f2ded4d8f455d4b32dca051a7d967ce15e1fc0f40b51adcae3f3622ee2174813a057896eaebb48e02d0d493e4fbf0c566e3273bd4598f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
bacd031f966490cec153ad31da8edd47

SHA1
64e3b7f959f562c2cf36ca421b72f6b4c600d226

SHA256
f062f5b8c1ddb9c8c51ac5f350302a962528a5454d6f28d1931893a1602353fb

SHA512
39af212f81f8efeb867d332823f4314535553ef0132273276c8022c1e3302664e41afaec75642597c81bc1e4df0848503f047f9bfbcc4e40fcf0fea9e48501fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\pending_pings\0fb43c3d-9ba9-4f49-b0f2-8749d22cbdd1

Filesize
26KB

MD5
7569a0b5a2d6ceb00ea64ce2a8f3a2c5

SHA1
b471ad38cfa3beafc59bc64264611e19db7eb449

SHA256
6b369da9b060a51773d5674ecbdb8f7fbe28e0f30489eba13b5d5c95fbefb3f4

SHA512
05148a5cc5bc5c913bca520c074c612d33eea9fbc206c1a3871a07af5a2375dd37bf7640ef3c2fc8aa609bac4d1d1273a17aae1c2f0e431e88a3455388a532fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\pending_pings\47df7257-74e9-4b70-8f03-27785b399ee0

Filesize
671B

MD5
4b62f980781870905b82becee616690c

SHA1
b0172b0d4deae1a3da003d271cb8f0a93b87bbcc

SHA256
2877e16055e35524a79f3b8dc297a761162d730d9893dfce5d73dd3b7ece6181

SHA512
b3d8f095ab51aae209e86881cbb6f58e7cdfc26c188ea0e2f89f0ef4e3cdf80a2516d8767282e335cb3b8861b99dbbd6ed5ddef53cdb5b5fc363bc578493142d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\pending_pings\ca94df34-98b9-47b4-9d3f-5b79c369cdf7

Filesize
982B

MD5
97131dc5afa2d1f842bc64758685134b

SHA1
737c05548c74febaa9d5b65e148daacb22e29065

SHA256
e259552a1a4ed5415df589dc437fcb681eab744eeda830b84e10f65038dc54a8

SHA512
9520e3389b1427327837ffbac39e0b026b0be5d9d906c7d0b4a233bbd591d4d4f31fdc080ff283f6dbef87274f68f6bc667cac01d90f0da3b4f4bc52f119c24c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmp

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\prefs.js

Filesize
10KB

MD5
e8978e73dcb1214af38228f0af55f9b8

SHA1
0509d03ab479aecefc96862b5955cfd059c060b8

SHA256
13363b8e02df5c71e049c9f3cdb771360f79fe4631c4a23eaa9011a67f485e6a

SHA512
f21becc59e30a13241baef6296d5671f1b3008e8ef8ebdd02aeae1d4da7d9a867f96bbda02126bb63eb9fe6b95c0be5fcb1d85edaefd241e6eb0cd59d0a7bf01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\prefs.js

Filesize
10KB

MD5
176ed8d53428d4bc162ea9f0f1a169df

SHA1
6765a835f09c6d3572a80dec27783eee2c06673c

SHA256
12d5d480faa36d442caec23e3f66792d05fc3e94c4ecf17629cfb57a3fd4828f

SHA512
81206ca5ad709207e80aaa90ed1ba70d5380f678e7f230a66edd0e5b28a4caa47ad6b3c5d44d6c87c6403d9595f3c970c379fc313e7d2f1214ab3ad1aaa2c7f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\prefs.js

Filesize
11KB

MD5
417d8ed3d733c280facac15cb86518a7

SHA1
6a67a1d5461709331668e50778ac78d0357072ac

SHA256
022f5148cdc5130e17c7fb390720b6ce70eeb88753650caf019a8f9dabc6092a

SHA512
1331eed04130e5a6913708abe4f31f1a26afaee21168f6486df7ef9c5d1eabc9d9ccc2692c3db49985da70d71dcd32c0b0d8fadf31b1640e7b3e374e53664e76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
6c04fbaa3667d4cd0666a9916f383974

SHA1
e0ca8a66356138f2422ea710de4b8df512726fbc

SHA256
b6aaebaa0e364db5ef7e7413e3fbdbe954adae80db68964ce85dd87c4c452122

SHA512
a95ebc826ebc262ed2b06052b02034e50e27315b36473823f5241215d2f280fa404527c502d7c2d1b659b7ebb2302c52b105a8d8924677142e9829348c1417e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
c9eb4e70a64c9c5531d6926fc89d4eab

SHA1
b052e76b355fce2649cf29b546409eceb6506406

SHA256
46e46c21fdee0c90f2f72b9638db05c9e99241a4683dd286ed0af8f0fabc24f0

SHA512
562eb1a19c30464556f9e0b35c2c8aea26d724cf331ea392ff6079cc4c4729210f988530cb276603e1d3ba169e3ce36d4125f5a7956832463b0fb6a805ca9abe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
cb97473d4552326cc139efa8780b4c16

SHA1
5f602a409bc03c07b07dfbd2013e6c1620cdf30b

SHA256
514c008808329353de9b5344633f3fd382fc1a87bcccc829b56c2e11fcc43a7d

SHA512
2f3ee8742cb59d461fd770261ea990ed1efe33874b41f864b8a8db0c26157df3785ccb40ddec1da469a24ee5626d2677170c71c0748c6ae1181be565d544d485

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
b947cdd08d5414dd5b564dc3e43902e7

SHA1
153eac86869f20ce5aad44478dcf57a6cacf4c15

SHA256
e822668aedb517f0a8899bf22141d21fbd607281c523624a3f45f72305000a98

SHA512
2c44895df59feb8f3bf537fc48ef6a8594b788c7998c2cfab7ea22c2a525176f30fb17a7e69f0f702982de298382bfcfa34dcbccf8503f8e7b7d2ec1ca6e2597

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
16031b8d9ad5c4467f4024a85d794658

SHA1
73eb1fd43af194bb6ee913833a4f729ce99e8807

SHA256
b9a1f4d85c5f9a634cfa2f87621372b934415b30fb8b73f784216e4cce2119fe

SHA512
427ae0207b886e8e9e25f6bc421ff15b93abd8c4cc3362ed8b590d2173b385879b686e60332170bfba1b338d485db72c33d3442456c615e51c186e1d2172395c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
dc86181122e3870d96289021e7dc8a73

SHA1
38efbf9ecb77ce739c694447d372fdaaa927ebfe

SHA256
288a614f57a09bb479312c52f9019069b8c4884e8d7f57d172c18016ebdf234f

SHA512
5b0ac929f93b34957242ea9aaaf97cb65bba4d5ed588bc4becd7747b6d8cff8102ee533481dc12269e0be735cc65d2792e35775c365e7407a10b957376f49b2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\storage\default\https+++www.virustotal.com\cache\morgue\110\{4bcf3982-2ba0-4713-9abd-a9c59edbce6e}.final

Filesize
50KB

MD5
5dfc1d8e37280885d27e8267aafa32b1

SHA1
b3aed5ded4341ee77cb2a9446cbcf13ad50c162a

SHA256
4e6b9f01fe4f833a68dcb8c5d51518d9179c57b5d53a602e1c51cd22feea947d

SHA512
2832ffad5db7c55bd0f0040882709d6b16220802bb39c7426ef26d9b446dbe34ce01deeeb4a198c2b9daa77bd173534d24abdfe3e12c1a3d08d9d36afa622cfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.0MB

MD5
27771f0e0b7b79e4a310d7739a314e26

SHA1
f7090dd472fd5edb248f3aeae98d16d1599963fc

SHA256
7cdcf9ebcc4805c43e6434dd7c99738a7b965d287a3b951331217639c40f3a70

SHA512
0ff4ae3709194f1bb71dbbcaeb72c333f29e73616dc586f25604d0963810a95adab830c1a7e0a9a7724c9c6a3d5ce53a2a7bff5bb180c18d68537d233679f6e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.1MB

MD5
f14944a4cd1c408eeb8d266024e21aaa

SHA1
837907748de2f4f31476994df35bfc789923f875

SHA256
4e3c749b83b337b894af3d16d461c53413d2831bfc22a715ca0673f887c740e9

SHA512
b20efcddc1d9ebb8b974098a003fc1363581f64e00e69f8f4f1c2405e91e87825f0b60ea9f4a584634290a52d7c61ce12672fdfc00127b38dc9de3655abe316e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.8MB

MD5
d1f9e9a2868950d8b7748436d7c0f381

SHA1
97a70364e22b22b3742c1319645a4bc61099d928

SHA256
ac694163ddef43982c7c89a100013be3bb3c80fd8669393474b5a4ef848a2188

SHA512
7e9ab5c71a6fedb7477e99e80c7fd5fe8a8aea2b08e11bc4dc099ccdf31368c181c68f66f6a78457d8e87d43030b04965bc64c94221e94c7debfcd78e60e421e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.7MB

MD5
7fa44affc47ba2485759cee5f7e211fe

SHA1
f8b849dd350fa648a175d9b3c4d1f05f6d06faec

SHA256
278007b9cb9ce7b0bfaebe7efa938e23586cb8a7ad23d85f665c2379a79abae6

SHA512
c379f3d8927f134f5ccfa9ccf21ab2e57904fbc0e4520762a6b700cb08b5a27f516edbece751a58e9d8923f6b700f4368980996a521c269a38d70ddc2077e450

Download Submit