hxxps://drive[.]google[.]com/drive/folders/1JPTvzTuTh4d7p-LwSHyF1NL4ded87UKG

Analysis

max time kernel
890s
max time network
904s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
08/02/2025, 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1JPTvzTuTh4d7p-LwSHyF1NL4ded87UKG

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
7	drive.google.com
9	drive.google.com
16	drive.google.com

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2872	firefox.exe
Token: SeDebugPrivilege	2872	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2872	firefox.exe
2872	firefox.exe
2872	firefox.exe
2872	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2872	firefox.exe
2872	firefox.exe
2872	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2872	2816	firefox.exe	30
PID 2816 wrote to memory of 2872	2816	firefox.exe	30
PID 2816 wrote to memory of 2872	2816	firefox.exe	30
PID 2816 wrote to memory of 2872	2816	firefox.exe	30
PID 2816 wrote to memory of 2872	2816	firefox.exe	30
PID 2816 wrote to memory of 2872	2816	firefox.exe	30
PID 2816 wrote to memory of 2872	2816	firefox.exe	30
PID 2816 wrote to memory of 2872	2816	firefox.exe	30
PID 2816 wrote to memory of 2872	2816	firefox.exe	30
PID 2816 wrote to memory of 2872	2816	firefox.exe	30
PID 2816 wrote to memory of 2872	2816	firefox.exe	30
PID 2816 wrote to memory of 2872	2816	firefox.exe	30
PID 2872 wrote to memory of 2896	2872	firefox.exe	31
PID 2872 wrote to memory of 2896	2872	firefox.exe	31
PID 2872 wrote to memory of 2896	2872	firefox.exe	31
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 2740	2872	firefox.exe	32
PID 2872 wrote to memory of 1644	2872	firefox.exe	33
PID 2872 wrote to memory of 1644	2872	firefox.exe	33
PID 2872 wrote to memory of 1644	2872	firefox.exe	33
PID 2872 wrote to memory of 1644	2872	firefox.exe	33
PID 2872 wrote to memory of 1644	2872	firefox.exe	33

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/drive/folders/1JPTvzTuTh4d7p-LwSHyF1NL4ded87UKG"
1⤵
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/drive/folders/1JPTvzTuTh4d7p-LwSHyF1NL4ded87UKG
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.0.2144580185\948398179" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1160 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee66f3e0-887d-40a4-9a88-23edda8dade7} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 1344 11fe9458 gpu
    3⤵
    PID:2896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.1.1020800652\1629647767" -parentBuildID 20221007134813 -prefsHandle 1516 -prefMapHandle 1500 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {122e16d7-e8dc-43d3-a860-d90582cca962} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 1532 13ccaf58 socket
    3⤵
    PID:2740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.2.1874452058\575862293" -childID 1 -isForBrowser -prefsHandle 2052 -prefMapHandle 1928 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47698441-c0e1-49bf-938a-2639937343e2} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 1912 19aaa558 tab
    3⤵
    PID:1644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.3.1955794869\244543217" -childID 2 -isForBrowser -prefsHandle 2988 -prefMapHandle 2948 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efd4a7a1-dba7-4987-a527-374279f12e45} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 3000 1ccaf558 tab
    3⤵
    PID:2144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.4.857429410\76143662" -childID 3 -isForBrowser -prefsHandle 3784 -prefMapHandle 3548 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ac14a01-8cdf-4499-b25f-617389b04d1d} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 3776 1f125058 tab
    3⤵
    PID:2004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.5.1796523133\38477368" -childID 4 -isForBrowser -prefsHandle 3924 -prefMapHandle 3928 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e44d3a1a-ae91-463e-a600-56dd2c56b543} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 3908 1f125c58 tab
    3⤵
    PID:912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2872.6.434802552\181153611" -childID 5 -isForBrowser -prefsHandle 4088 -prefMapHandle 4092 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d50deaab-1af5-4f6d-854e-b74510992206} 2872 "\\.\pipe\gecko-crash-server-pipe.2872" 4076 1f126b58 tab
    3⤵
    PID:1880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
29KB

MD5
34720b80e82c02be8eac2e2d08b80c7a

SHA1
796e71aa38db3a21e201deae9d3c19f09d85fd35

SHA256
ee65b9e342cd2b6648364652c51e20432e5e078cdc6cb5775597edebfd7d473a

SHA512
2c6be41f002c0700d927a0ca41f700a5d0f452b8e82edbc083c7e2576ca09fba912620fe9963b2fa5b0c3ef382fb82b427777bdb76fd044402bec3e7ea2d6d40

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
5f6b11cdfb8f82eb87fe1d710a2ea351

SHA1
7e4407240503a7c770b86473ace11402fa5f904e

SHA256
6bc49298ba7df255b1d1584c9006fd77a0e80b4364a0b3d793943e8cb0d0ef08

SHA512
dcd55f1eca1a35b555b1ae8fb5373a605b8ad9d70b00e1f449f0b11f5f838aab3825acd7fd5c07ce4893db0ccc195683affa5a62c9e0e477dfe8f8ad5887e724

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

Filesize
9KB

MD5
a4e445f2280f1da70499ee02283556d4

SHA1
f92f86929be5567819cb088817bc4ed9f2e3505c

SHA256
6ee7570ed877db9e415fb781bac5a7f26224f3065d1b4b6de3070843221e1989

SHA512
60d8567e8f5e02c69f54e10999da3c926a22e5d46c507a43a5fccc53e94fe13d14280ced6f871c906c9e33cea54fd0381a050214cc1a68a1ce761216f0ce55cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2

Filesize
15KB

MD5
be0ad1942497b1d52c0ed090d46f11fb

SHA1
164913d31c25266d41f673ac341c3dfa6bdec215

SHA256
829388ea4867e3e6d27d80c48cfe601b736ac8d60fe23ce07c1c1ff8f0037c73

SHA512
b80a0b69ca1772128a05461cd20b5048e48255ec2e40dfd887f9028f898ccdf9e2c1a6c01b66a612b99d4cd03e16ad332d2ea167928f0aefbb975f5f196a2521

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\1E3866B584D906DD8CB8840AB2070142E2DEA38A

Filesize
14KB

MD5
2def0ede68827819a69e8b9b0e228d30

SHA1
828769cdb5b0e97cfe0becb00898f81c741b17ed

SHA256
ed6cb368f153cee111be546b0154cd9b9d2f7918891ac1ef2d332de0cc99c4eb

SHA512
32ae58975a3210449a3dbd4c6bd52de4dc419040b8bb75b54355181d4f6f66cacc1a6f816395de48d01889cc658419b6a4c770717bc7e6a02c0d4f8ddb5957dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
1359d750a7b7b0d2e713c349a12347d9

SHA1
c47f2ce5713eb2baaa323c98d770356f8b59733c

SHA256
2e6feaa92b91347dc69166da0948b1a4fb40739baef19575883001db76ff9970

SHA512
ebb4828070fb03dfb1029e5da98fb28a888635b866fba54b86c12da2d9bacf89e8c791e6986744f5cc50792a8547fbe730b70e7646d22ae6989733c58f8df6c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\32027373AB514902694BD2F13A8E08513EAF1DF9

Filesize
369B

MD5
8eaeb374f42c5c3186a721d34d3c6b7a

SHA1
66f11e1e2a74fa6f8db5c9abd2c4a0e94c8c5fd6

SHA256
5fa7a4df1ff333310d7e6a57176f3619e5c16f6d36aa291dffd3bac121c76d52

SHA512
19261090d19e11a8226cd371672026ccce7ad2d1ccdc311e351b7c609ffcfd2a061925c7d81b3c9b84dec39450d569475bb578fc04c932dafc18c125ab7755fa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\37373F56CBD822F5FCF64BA01E1320A0924D8460

Filesize
24KB

MD5
135258b4e654bb35797179d0206aa059

SHA1
1ff8ed94bb838642e3429bcc00dbf227b5cfe607

SHA256
742c12c7e5c6039518762d191b3778d7b161a802569d1d8c113e9d6f46abe17d

SHA512
9c5adf0635f2d457ef05e183449677afe03b8e65fb6f2749fc77a0a5a25a3eca8cff03cb6a43b98003956f61414d02579dd61312ed65e06ddd116c013c85c494

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\38F8BB4D4C11D7874FE58239E5F3E14FCB8212B5

Filesize
11KB

MD5
d7c1ba0ede2fe779dd05ac7b04f23290

SHA1
ee7c5e2c5af82dccb294c6a144c137c3361c4a34

SHA256
cd8a3e3856dacc3e4cb58115e723e3ce0c5775da38a439956321247b00bb502c

SHA512
5ebd31773ebd31be0ee818ed2e1836fbd394a46a79dc8ff088e997ad67d6897294d1bb7d4f3fdd07624218383e8a91d7e1ffd6dbbd2389097de36a53cacd265c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
13KB

MD5
96542ca3f6e7093eddd3addee0dede93

SHA1
ee98de115cc27b6d172832f40ef5d1ed453e5683

SHA256
ce08734e16022adb4060d31f68dfb324a30474bc20790f40d128c4b41452c1d3

SHA512
539c4576e32edeb8ff1e22ce7c33bb2b1d5390f5bb9a9ff931858febf8d7e72e6b977bbced276efc1fb4b74eb64732917f0b3342ee3727065e85f23975629a0b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\8A68B395D8A7ADB1C15C3AD671128DB99D508487

Filesize
15KB

MD5
318bd8fcfafdbde8eca8a3bc84cdec48

SHA1
b9aad4313c32fff9f6a21c6db32b65669bf2e3e2

SHA256
7ad9d81a16e03496d10b78e83da48e885401ce8d94670e5c76a4c6da0a8417b2

SHA512
d034fdcc239191d6fb96053efa800b107c9f3338e9162ee2d73db25af55b7fb6ed33894bc4dc502d2e2e521e9fe4207bdf94cf90aaa5cf7c368d911da5ae2b1d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\C426D93E5363AC88621761290AA825AAC4541C84

Filesize
41KB

MD5
cd3fee1e995acf6504c67124dc1d865c

SHA1
d4b96a4979e1cd9fbc64e4e33ebf04e4495bf69b

SHA256
1afe4b6f87180aa3e958176076311f7ce76a23d4d5baca18965ad91933393e5d

SHA512
1f1e520fb8b7585737e32b44ed62979b7f3062286d355801c9b8af66a9c08de56dda28f515b05413d3c4dfba268acd8a50a0854058fa9382771d68c5ac2e060e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\D18FB7DA89F8DD4E7A2C97703A1647E8C981D05A

Filesize
13KB

MD5
38873b8a907dbcd090b0375d52016dc0

SHA1
da068b2db5888837faa7de16de9fa15e92094442

SHA256
63e16c8078352ab6221d174cc3b62a6765a1e3337ca51eee5165be39e29ad04a

SHA512
c502a3ae27988c1a9e8096019d97f0e7ffcf39d3f992acfa461c9441da7e48b56b66af0c8e1dee5a84533707f312fccbe69b24f0b45611bdee4c8b77eb9d4c04

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\EED04D9C43E90155A2F80AD3ED4E71D25EDEBFFD

Filesize
13KB

MD5
e76da6e18696ecfe42b221616e0f4568

SHA1
e764236aa1ff715565f6e6b524c3e296b22d9d13

SHA256
f79b94b671e2316fab7239ee258585af076a1202e6f0005f63591f33c4f7ff33

SHA512
da549ac88dc982000ac77b28673647e5b50a19e34f22a3b65e400f9451200d49e32dad1918a9951d8da4ce0a117a08ee74612ef6664134a19f6518acfb6a2b52

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
243B

MD5
4e42565d7c99dfcd03e8f9f96d73675f

SHA1
789440b46f4a467b8f611b484a06c9ccbf8fc6f4

SHA256
0b422f9fec9dc8f1eda631d9e72d4c8868649fcc788b64e9ec39c5e87f8b3c81

SHA512
201d9410ad1fe39a0f7d69fca3c78f1fc93232ee43faf210a127c033dfca66d78df24271b56b18038f6d349247e5d224cfc9aa25a3497bec8f40ce2ebe07f14b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
0838067daba27e2655483d403c912f14

SHA1
c40f2362338e83e0f2982982aad751cf877eca79

SHA256
dcbce1807633bcb2a7887c7bafa2631070ba06384133eb1127a61cbc2a8714cc

SHA512
aee800ca3011d3e712b22fcaba76933cc7f776471962d1864edc9982546b615f8bc085fa140c02beaacbc1b28dffe6364754d63de7f08bf7d40bb49476586989

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
adb4854bbeaa14d8ba9d6e900684e623

SHA1
e276385bbaa0eedf979e51f1dc4dbf30a08dea7f

SHA256
58325e0ca83ff5ab18fcaaedefdc8c38f241589bfb349c035cd5dbe98bc07027

SHA512
4e4f942aaa9cce7d0dca026e94763c57c6702cf41ca7a4eb746759fe0fc56cc7d73cd2dfb47c886bcbfdee198a37a9d1f5e2161f9ca6d3c7c575742524257c1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
309825d8ba92c8a916a4330729df55f4

SHA1
5242c524951a9a8f6c748bf9845e6b2cc9b14598

SHA256
5c1b0dfdcbdca315b2e1e425babf31403cfdce2b5c56ec44b65017ed5b562533

SHA512
821faf9d6f67467821cc768ef667d1176733c0cdcd024a165b4a424da876526ca11b64e5c529d261e5111caaf9bbdebaeca1f9bd18e40cdc966e7e56f5a8060f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\bookmarkbackups\bookmarks-2025-02-08_11_6vqzIHF+OipusY5iw--RMg==.jsonlz4

Filesize
949B

MD5
4c5f54cd15a53ec6351c5369ca76c545

SHA1
cc39b4ec1577736cc8db967335b14c92d40709ee

SHA256
dbc7cfdcc9e4f7281cba70f0b2ad9330893c3a370bb79121add28c61db903b9d

SHA512
419b16b4f5ade64ca7fd8a8b2aa35e69e5178a9f381d3f7056e0fa6a8bdd887208c998300186b9e830343c4f31d97c31485df0c2eccb5d8b0b26441630f31379

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
c15577ee19ccd9f7745a33b1a464c627

SHA1
57aee4e1287600fbe65d612d4da9cb2a69edeae9

SHA256
9c9630a68a332c688ad7371b7c16461b9a5730f19c296637e4d37e14eb9ebf99

SHA512
f35657932ee7e790650a170a4d1086279b65d8a08383f6b520f95fcdeedeca7977533a50b1bb547f3afda1df38868acd10ab831bb41255f7e5e9dd3e199c4b89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\pending_pings\5bc39023-055d-4adf-9d65-17363b287863

Filesize
745B

MD5
1649fa414828ca35b8f11f7555704f0c

SHA1
b5f387de971cf5560accd6784a46ff0f7e8b269a

SHA256
faa2db6063667468379b9bfc225ebe873b94133718928be6696deec1dd580c5b

SHA512
40cf297339bbd1f0697ab9e6248d0d0ae1bf2d44f6dcbcd448f0a1badf09f0d0db08383335c9b794f41f95409cc573490e1662a597721a68aa7fe11fc83ac5d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\pending_pings\aa679ea7-eeb8-47ab-a074-db6e03d12c85

Filesize
11KB

MD5
20e5bda2a433ec952dabf587de107587

SHA1
de1e253a860d5dba290d9f784479e9a80ff03ed1

SHA256
75e39c8721f23c2047c1f73199bf93c3e191c76df607a3ca2652c0767405a50d

SHA512
8a39d0ee7b516fa28b836a794b25660b693cd730252dcbd14aff7303c1b83d534486f4adae3f56af82a408e38e31ec536b96a0597e67b9ec71457129560c4092

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs-1.js

Filesize
6KB

MD5
d0cc1795b68e081944556907f755a4a6

SHA1
ac8f2fac124127d0c6496266369802767c0ab2bd

SHA256
f1623824ccc8351a4561fedccf9ba348a638fd1920a6cfa79d7ee58141f881e5

SHA512
ebedb6d9017913e72e08d3ac6084b2f89858106964672f90301400bba666743fd0cd2b0bff32e72fbe00b345e0c8b00c103c2599467fa86733f1580a6e2fef47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs-1.js

Filesize
7KB

MD5
bec4c56bcdf39b9514dab13bbbb1a9f3

SHA1
3c64d9718ffd76fbd23618b034f990f379d1fa37

SHA256
db383e66f17a2a62c55534743c1b1140fd0618219ee43f4a688bbf1151c896d3

SHA512
539bcc90a4c7ca6fc91b16802724e26c92a0bb239a451ee91caf823777bd8c0a53a8f4fcd4f0c4a29b9c38860c26fc3325b1c95ba13e14d7bcc73263046f6757

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs-1.js

Filesize
6KB

MD5
53d870c35b4c9bcfa1c298e5361c6583

SHA1
8855984c91c9c04d44f4036ffdd4b3b2c1783b6d

SHA256
bb43f6247c3ed9ac4b337597afc9e7d03a36713357fd8992faf5efaa5c59d47a

SHA512
84ab827b45aff69c42d0fb04b491fb9ecdc4406adea34f7535d13daf379f0bfe2038d2b757355137236132830e69b03d3c4dacc194cb1fafac4f87280affd7b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs-1.js

Filesize
7KB

MD5
636883e3602954732c4e76d864fbd000

SHA1
fa71d969beade372a07392456f9cfe414088afa8

SHA256
bf634e2a559569654801f506c7fa7226952f16279e187e6ce935a6bfd83852fe

SHA512
d522b720bab86990e847eca0189e7b7a3bf32d1a72d0795e2657dd89818c51e6e0203ac65a0643064db99d3fe4f544eaeb23b5fc9f4593c444a0a5d099d1d113

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs.js

Filesize
6KB

MD5
01971420251f7afc85683d25e0aca6ba

SHA1
babd22506064a1ce2b385c000daf1f3c553aa00f

SHA256
f7dfc09be689a4c0a3112850ca7834b2acdd117b598771938e0b138f7e63c4a5

SHA512
fce4bdcd9745fd8ecc36561d57ae66004198912b54383c7dc6694f21a0433082a71faeeea6767836a19c830aba73cf27a2307b3670b9dcf8a9e8a17c48578da6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1e16e5804a9ca0072651c70843dc2176

SHA1
887607de7f8efa0f065660a631d6bf133c68aff5

SHA256
cf2df8b618e9ad2da040f84511b081330c1181b9d928a4a193c80b1f0aea250e

SHA512
b231ec7a7039d76990a1cb065796d25288634842b72d970cd11ee8baf0b7117a3b2243eeabee871805fe57fcc94460312d55e2b508e7d0339dc0aacc06e3b022

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
bfaeacba421763a94d290528dd1fec2e

SHA1
3d8b018541ee62a1c6c0242d192e5f2c7dcb3471

SHA256
517d48fa9466641046d88f844617c80b74038dab9c7ec97ede146058d014667b

SHA512
8ced16b4fb00c6f7c26f48e69a9993aa8ef3fd65625d629187003190c61c5c949ecc6c67ecaef842d5d8d67fbe34749d29741d217b470057d032a93e8d7b35ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
c57b3b230ad93615004b8615837beff8

SHA1
1f734e66449408c41b8ca69420f94e5c06d173dd

SHA256
cb8b9b7f42b3008e599b950ab63e3a6ff61b4b9a317c0a612431d84ef69cc893

SHA512
59183ae32f59947a873a60cb7a1429eff58d32ae0bc15eebf65567378ec4ee0ca81b8c9fafb809258ae39f6fcf09bc0c683cadc142ac4520653b71e2da7a616f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
64d576f0ff54abcfafd0241be84b1dd5

SHA1
1bada8db5499225f6607308bd2445d8fd510e6d9

SHA256
2e54b17d308c469838a4aa2af9d07a6a6fc0b52cff7c1fa1a25f8104a07782ed

SHA512
28772c9b7cee2ec2d365c9c4399b47bb3d3a2c77148c51cd3307dffdb7e6b544bcde10255e688ab485b098ad0119dacd534c0699c540f282c234f7bdcb82a67f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
968bf041ead5f494ed80fdd3100da4db

SHA1
99d4eb8d3e7d58a77aae3eafa5c0926ce8dc9567

SHA256
59c8973b9099bad545eab0fbf6e2f7836441128a10d95d236167d6c4254f4ba7

SHA512
27b2c426dc78b9bb5cef04b510cc18f5210f990404cfae60ee932536102002db606d4e52f0cdc0aea06700504d8cb1a4dcfeac6ca082fa1b9407066bdb61fc02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
ee8cb5f54bbf3aeafe06b703baa6fa44

SHA1
86b7338bea17b9d2f445028b4fef601e02f61841

SHA256
a25b4c695256be0fde8dc156b185361e72e63705f510d24951bf36fe9d9ca417

SHA512
1e40e765f7f3794236bb0bb7b66512e33b1331eec52759a400fecc6b93ff37c9317ded34c732aee542f0f8ca668721130ef506be91bffb95f7f66256410ddc08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
2037e965af72f36fb8beaa5097eade37

SHA1
f3742f433a4323e1ecc052aa5d60a8b841ed532f

SHA256
877dbb5b4a53950b5598b0cdb82348514b652d1bda7731a5b855b3cf005f2548

SHA512
78a5162cf3dce1fe231a26fbf5b5a703f1361c6c4db17c84a9c70b55e568dd1e7e71ab75b22c75126431b5441ec4b086dce2a384368c68c994d985f2375b76a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
62e8545d12b0c8eef0e35246d2af6b7d

SHA1
1dd8fbf92029b6d61c893f12f1508214b571ee76

SHA256
de49e8ba4278deeb7da7a76fe3abf159daa2aff6ec13011c16184b5979fedd54

SHA512
e636cbffe55021b1d5c23f44200af6a8a8ffb5fbc16b01a82851812de9ec796a9c954b34c867d17c101ef16e59576f72332e64c347adccafaac34b62492b6770

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\targeting.snapshot.json

Filesize
4KB

MD5
dc1296fe2cbc48ceeb0c41808d641146

SHA1
603fff6fe7ed1faadec9f6c907105539bf4c1820

SHA256
5ac875768444a9661f44b47545dc6fdc28541eed63944736475ede33d2678bea

SHA512
5b2eefd251a51fcc47f14e74377dd080435c81d99397628300400d7f1a198b9d391f3ad543cc70c76f33c7d4f70692e132363da08d874025344ceb1f068d76f1

Download Submit