d825706f6385197d29747fb58aa23bebb189052452f0e2c96a6e83f4927d935b

Analysis

max time kernel
122s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2025, 02:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.1.6/bin/Monaco/index.html
Size

164KB
MD5

001dcbb8f41cdcbf9b4d1e3a0ed4b2d2
SHA1

982a05814546017c40771e59e7677b53d84787e9
SHA256

f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951
SHA512

9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa
SSDEEP

3072:Nk4J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7pblM:64J09BA3pZaFD48VOAGUWYPjdlLJbRBS

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Documents\desktop.ini	firefox.exe
File opened for modification	C:\Users\Public\desktop.ini	firefox.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	firefox.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
20	raw.githubusercontent.com
22	raw.githubusercontent.com
23	raw.githubusercontent.com
26	raw.githubusercontent.com

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3484	firefox.exe
Token: SeDebugPrivilege	3484	firefox.exe
Token: SeDebugPrivilege	3484	firefox.exe
Token: SeDebugPrivilege	3484	firefox.exe
Token: SeDebugPrivilege	3484	firefox.exe

Suspicious use of FindShellTrayWindow 18 IoCs

pid	Process
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe
3484	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3484	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 244 wrote to memory of 3484	244	firefox.exe	86
PID 244 wrote to memory of 3484	244	firefox.exe	86
PID 244 wrote to memory of 3484	244	firefox.exe	86
PID 244 wrote to memory of 3484	244	firefox.exe	86
PID 244 wrote to memory of 3484	244	firefox.exe	86
PID 244 wrote to memory of 3484	244	firefox.exe	86
PID 244 wrote to memory of 3484	244	firefox.exe	86
PID 244 wrote to memory of 3484	244	firefox.exe	86
PID 244 wrote to memory of 3484	244	firefox.exe	86
PID 244 wrote to memory of 3484	244	firefox.exe	86
PID 244 wrote to memory of 3484	244	firefox.exe	86
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 1456	3484	firefox.exe	87
PID 3484 wrote to memory of 4668	3484	firefox.exe	89
PID 3484 wrote to memory of 4668	3484	firefox.exe	89
PID 3484 wrote to memory of 4668	3484	firefox.exe	89
PID 3484 wrote to memory of 4668	3484	firefox.exe	89
PID 3484 wrote to memory of 4668	3484	firefox.exe	89
PID 3484 wrote to memory of 4668	3484	firefox.exe	89
PID 3484 wrote to memory of 4668	3484	firefox.exe	89
PID 3484 wrote to memory of 4668	3484	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.6\bin\Monaco\index.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:244
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.6\bin\Monaco\index.html
  2⤵
  - Drops desktop.ini file(s)
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2004 -prefsLen 27099 -prefMapHandle 2008 -prefMapSize 270279 -ipcHandle 2084 -initialChannelId {04bb61a3-8b2b-4d20-b2a1-52d023eb9a65} -parentPid 3484 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3484" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:1456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2484 -prefsLen 27135 -prefMapHandle 2488 -prefMapSize 270279 -ipcHandle 2504 -initialChannelId {097f2ea1-4006-4fb3-968c-0553ac978e69} -parentPid 3484 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3484" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    PID:4668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3880 -prefsLen 27276 -prefMapHandle 3884 -prefMapSize 270279 -jsInitHandle 3888 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3896 -initialChannelId {f252a529-8b60-44fd-bb75-11936e340e62} -parentPid 3484 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3484" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:2868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4048 -prefsLen 27276 -prefMapHandle 4052 -prefMapSize 270279 -ipcHandle 4136 -initialChannelId {3e963ca6-0e11-43db-a545-4a377b3e7cf2} -parentPid 3484 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3484" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 1636 -prefsLen 34775 -prefMapHandle 1652 -prefMapSize 270279 -jsInitHandle 3284 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2636 -initialChannelId {77198d81-444a-4a0e-90ea-b032802ae627} -parentPid 3484 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3484" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:4192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 2800 -prefsLen 35012 -prefMapHandle 3100 -prefMapSize 270279 -ipcHandle 3108 -initialChannelId {d23fd475-e451-45c9-a600-820d9ffbe0de} -parentPid 3484 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3484" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:3584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4564 -prefsLen 32952 -prefMapHandle 5188 -prefMapSize 270279 -jsInitHandle 5032 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5224 -initialChannelId {eee8a310-f29d-473c-9fe1-cef5bed41991} -parentPid 3484 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3484" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:4940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5372 -prefsLen 32952 -prefMapHandle 5376 -prefMapSize 270279 -jsInitHandle 5380 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5388 -initialChannelId {e9ca58c5-c9f0-464b-a89c-0fa69dd25099} -parentPid 3484 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3484" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:3856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5704 -prefsLen 32952 -prefMapHandle 5708 -prefMapSize 270279 -jsInitHandle 5712 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5688 -initialChannelId {f7ed117b-587a-46a3-8156-0add0ef5f082} -parentPid 3484 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3484" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:5688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\056i5meh.default-release\activity-stream.discovery_stream.json

Filesize
30KB

MD5
3ac1c88a3a0e1b01ccf68f2ee97b5630

SHA1
1fd3604839b4307ab1ca4bf075d1059f43c61968

SHA256
2aa6800c91e671a816fb566ecbda43d500ddb39b3c778894d641bc8b92a0b9a1

SHA512
35f3d6f6946d8cb21117fc5aa987ec8203c6cd8079f7f76fb83e2ad636611bb9dcbb1c6cb88bd4711dd95837223a26a078108c72ce463cbe8e08de201038c41d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\056i5meh.default-release\cache2\entries\E19316B1CDA62317F9DA2551F9B56E711FCC77AD

Filesize
13KB

MD5
5b0acc2ef951d282f1fd808e593383d2

SHA1
4179a70963f0ff2f1f6d9a644927b7c6bae29cdb

SHA256
8df9784734d60e075e75edcac949bc33bb876dc2e8508e73eaa53431211a8bf3

SHA512
25de46f715d45c784dfecf9e9052be4d9bd25a77f1cb790658033ec8cac6432ae69f3d8f820871334ef5c392e1620f542b688c37aa927cac9ac6fb44e2e22258

Download Submit
C:\Users\Admin\AppData\Local\Temp\3c887cef-81d0-46f8-9329-c1c36604919f.zip

Filesize
3.6MB

MD5
8f0ac7253f77aa16992f71633fd14a81

SHA1
1d52e3fbcdeb0f224cf2d3f0713803dc31486ee2

SHA256
fe3b34e1b42d481a880f114fc6abdb6bf7bf19020f3d41bf1125ae6deb69bcf6

SHA512
426a1c0c4e4a8f4c4040af099563c369230a25325383c2a62bbe5b8598e580d05d71b29684ffce954d17c93049226ac64f077b349e12372b1815ecef1bbd3bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
13.8MB

MD5
3db950b4014a955d2142621aaeecd826

SHA1
c2b728b05bc34b43d82379ac4ce6bdae77d27c51

SHA256
567f5df81ea0c9bdcfb7221f0ea091893150f8c16e3012e4f0314ba3d43f1632

SHA512
03105dcf804e4713b6ed7c281ad0343ac6d6eb2aed57a897c6a09515a8c7f3e06b344563e224365dc9159cfd8ed3ef665d6aec18cc07aaad66eed0dc4957dde3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\AlternateServices.bin

Filesize
7KB

MD5
cafa9110b74e551e1de03340215bf24d

SHA1
aad7507589e839e1cad22a6b0258169837c3743e

SHA256
4958fb088a09d9254d7d887fc316482dab7f20bac92f8b35f7136ee2ef0c0bb7

SHA512
beba5dc40e6e27220a6aaff71cf49d67736de4d246176e23682376dd30ff1d1f98f4b6a912907750271ee4d6f87085649092dcb00803edc61934ebae3e6163cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
5fce0240ebc802354f9329182dc13c93

SHA1
294c99b38f341565efa08f37a35733e481235240

SHA256
af27c4ae55b70f2e585e1115d25246b9b63dd1388d405d62d37706d64435a187

SHA512
6efcd5a7b1128e1ea36abf7a7890360125a44eeaa7d58d547a4c681a6166585ffa4ad76f04c748563fbb2055ce5a4b77a418a4c8c3449fa5b3c16a1933d0f934

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
ccc3d6a1df7fc0af06c2aa85f2b83caa

SHA1
e9228b5ad58b3b5d22127322286f3ae905f7cbda

SHA256
8a5c3728993940ef30b9cbf253274cf1a4ff2932f9a71483886b204a85bae811

SHA512
71853cc53d84c4b8431fbc1e860daa916998488eb2025dc8ddc7884b75421c7aef7fdcbb5307de6cb471b1291c4c76e54d3ebfa9e05ee0d13e82f9496dba786f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
0ec7364dfeee84729bb62e2b4a71078b

SHA1
4c58699816fb15cf2ae56a44b9e355e567499b71

SHA256
c68c6e8bc24d9181816c17b96eb3c9f914cb34d3dd875a9cda2bbf7116d93c5f

SHA512
61c987aa7b6352cba6c0d78c1777205a257e24a3fc3a306820c56a89859549a794bab7ea447db9e4e31515bf388fffb3838d732aedb6bd10e63d6572318e75e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
33KB

MD5
d527db73f52208ff107bf0fd836580bb

SHA1
849bb9f022308b4e0683c7c90fab42e96d47a1b6

SHA256
d67b7b203ded2b6c472c5b34719bc6c4cda2be289a4ecef6c6458dea8ff728f5

SHA512
17526ff97e625116f69344711c240554c2a5476b66e427c9503977692bd44d4342325dce9624f7c302b36954b10aece5f7b63de73a5a8db10e2ff9ddc50c794a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
33KB

MD5
ed177b435d271aebf567fcdef127e5f3

SHA1
f91d36505ee4dafcc3e3979b909e4d0f44b5eb09

SHA256
0150b60718ca40c5e0ba53fc90ecb54e18ce1c2633c3e9b49f10c985402fc612

SHA512
ac11c6f045965e626a8c82edc27e5a5519c05c73ea4db53578a772c2f1579517b26e674a08c0a247e514b7dd681a2f7d261286c7f035c389f131fc3f832d5abe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
33KB

MD5
06c1679ae692341d43bbedcf8f77ec4a

SHA1
9635cef24e11e642fdf73d8060da3659d50ca3f6

SHA256
db67b493ce353bb692339090ab64b76fe8065d749d8d4516430fa118d1c30f74

SHA512
8e5dee4ea58060531a342cd984633e7b2f29306263715679498c7abced3832fd680f9b15f360eeeac144ed8c11ef55123ae9f669484386c286eda1b99b047758

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
f7a8acbcb4bad7e6267c8c183b739ac9

SHA1
37fadbbb94626ef5be001d4e819fdf40c1f1f93d

SHA256
e16341fa7fc18179b565aca95c035610b733e234023777df5de3c2c36ec13219

SHA512
1d150d2c42b45cc73401225625fafdbb5e934fefea4369838177cabb8d6831964ec39f7c037281cd1e2d2ad98391e590d67623f65ea81f7460acdbd2153f1f0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\datareporting\glean\pending_pings\0295d11c-ef48-44ac-a9b9-8889d526b9df

Filesize
871B

MD5
e7ef99302721bb3bd210118969dc6592

SHA1
2193f56d6237d010094921d79da51f8fd6e206bb

SHA256
18e691f8b3e65da7d26e5493a77e663be64475431fd775ad6449309c6a423808

SHA512
e38bc41284be3dd38606043f1268e25bf95b11c409992b90af6f2293f8202e82299a8c4367990b09fe92a1d412398806c5b175c18c6dedf60498ce024bf2863d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\datareporting\glean\pending_pings\058010dd-add8-4df3-9866-6fccf9d5899b

Filesize
2KB

MD5
3cdc9ad07b45571f29a5270b9b124ff3

SHA1
288d671ad2d22d1f9ceae1079b858ac720e04e7d

SHA256
f81d1621e98d908277152f032904c9b2c7d3f22730d7df4fc43a4d85212900dc

SHA512
96ca44ece875574df5e86b216105fe22431c98b8b96068c585ece647a79e328b1e2e3dc2b251b8e6e7b85cef699037cb07916f4fff9c8d66f8af01ec5a5414f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\datareporting\glean\pending_pings\a477285d-6ca4-4bea-8890-8f60e23df11b

Filesize
235B

MD5
061d1acd195f6ed8ebb3135793382dc2

SHA1
a48c1cf5268b52ff08b8e11e7a423529987e753d

SHA256
8d564fb132cc7aeda7485d5a2dea6fd5a58843dcc729e90db7f41b4957eff9d6

SHA512
b877b0211fa264b8a1d69691857016ba9d2360dd767e1ae523e0fe8718396c4f34bd0f3caa15773b212a9c916824242d6aa6fe2767c7d991b4f73403d2da465d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\datareporting\glean\pending_pings\c2e6b209-a70d-4f59-9312-73c3ebf170a4

Filesize
886B

MD5
7fdd812b0b1bddbd959eda3769b739d5

SHA1
6b33c86b9459f49edb5983ed129d4d8638234eee

SHA256
b2612792465febd7d324c2fe7be96ea3ed8833a536c1c02f6b58d693b3462bf9

SHA512
45f1b80292b81ffbc73acad15689688dc0afaca697a6ff45675ba95dd4ca1f1d58417dbd35f57af0637140b1f17ba9fb68579771a792577e9db6ae6a8359b491

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\datareporting\glean\pending_pings\f6e446f5-d4b0-40bc-a0ca-9e299a9eb44b

Filesize
235B

MD5
2931fead7dcfc028a29218ec300ac2a2

SHA1
8d911c959d5329495ab98c28fe2868d4819e2970

SHA256
dc1637f6b2a700d4cf333d80130f2f33e5df3e9c039c9388dafe67bbc99f805c

SHA512
b2db234f37c9e66e87615d55d209fcece000da3e26e5d702ddd6eb8c0b2c632c34d136168dcda109415ef17a613a54b9db80c13622a9068cf4916f1a12fba743

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\gmp-widevinecdm\4.10.2830.0\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\gmp-widevinecdm\4.10.2830.0\widevinecdm.dll

Filesize
18.3MB

MD5
9d76604a452d6fdad3cdad64dbdd68a1

SHA1
dc7e98ad3cf8d7be84f6b3074158b7196356675b

SHA256
eb98fa2cfe142976b33fc3e15cf38a391f079e01cf61a82577b15107a98dea02

SHA512
edd0c26c0b1323344eb89f315876e9deb460817fc7c52faedadad34732797dad0d73906f63f832e7c877a37db4b2907c071748edfad81ea4009685385e9e9137

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\prefs-1.js

Filesize
8KB

MD5
a021f8dfeaa48d79654f1f06f741c137

SHA1
387476fd70794d74a2ca1e265666464020f251aa

SHA256
486bca240d00eabc43c8f54d6228f340d3db03a1328243c0db1db9b42d30efff

SHA512
400f7eb9f8f85327391b8b9d78d3991cfd0f09e282702349792272e9304fbd73b356324b8c688eaa5b88d16cdf8dbb69f1ca119f2cd6e03f72129f197ff8b98c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\prefs.js

Filesize
6KB

MD5
743fed3587781e2a7ed7bc829cf4fb98

SHA1
de65b9cccda4acb0a48ec36609d3e3b980cc098f

SHA256
93f5b54c1fc440058bac3da68408bdf050328198ad69b94e16a016a9aa547dd6

SHA512
532bf99f01c7581ca3a7fd8598e6d3a2df67c806cd5aa7a3ee759a820286fb367d17d800a78a0fe318242292b002e98be4cc7a182b6c7f1f2954937df4342006

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\prefs.js

Filesize
6KB

MD5
b16639234422b78165fd881b66bb0744

SHA1
9e9565b147d8e59a190de09f19734068b4683d9c

SHA256
5a6ea28809d51b0cda5b9f67aab09bdcd44721e9eb1ec651bd3c314e38ff9648

SHA512
5d9938ef4da41f34263033c9d39c627f8f135b288e42aea48e6c227e5f9acf5a29d31946d6093ac98f64cd3f38ed7d6037e842e5dc0bd5020a5fcf5148e6f410

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1184dca46fbbec25eb2f8e856de57e87

SHA1
1668af7284064e68e558ba41f4bb317740fa2d16

SHA256
47c795510d4868255bb8ab7932751d5b7f1270bd94ed64c1c0f5fbcb0b34692e

SHA512
6c6481a38459d794a16b2de35b7ddd91be44c88973921b7fad03702e5cc66cea7fc1c333ab432803b787320c351175f45cc32136b78a021cd20d0c1ee8fdf676

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056i5meh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.2MB

MD5
9d89ed4a6c4dac5f1fcf9e2d7c56ddd8

SHA1
380ddc14113e5cd1539ac21035ce90a7b5dc4626

SHA256
73887a14bcdc12e6976152bce8facba84a3dff311938d4cbfeafc76b7b2d3852

SHA512
20db7e920c2a23066b6270f6edd0c789d992d529f9a3cb33e9c0b84af3e7b4517eb0dcb9d87d4711f611654df645022828201f5252e97fc87e6e34fdace358a8

Download Submit