hxxps://drive[.]google[.]com/drive/folders/1AipzhTEl_7Ofj8x69_noRhuqunrHri2Z?usp=drive_link

Analysis

max time kernel
123s
max time network
130s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
01/04/2025, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1AipzhTEl_7Ofj8x69_noRhuqunrHri2Z?usp=drive_link

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Documents\desktop.ini	firefox.exe
File opened for modification	C:\Users\Public\desktop.ini	firefox.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	firefox.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
15	drive.google.com
19	drive.google.com
20	drive.google.com
21	drive.google.com
27	drive.google.com

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3174447216-2582055397-1659630574-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\6.txt:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4976	NOTEPAD.EXE

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4252	firefox.exe
Token: SeDebugPrivilege	4252	firefox.exe
Token: SeDebugPrivilege	4252	firefox.exe
Token: SeDebugPrivilege	4252	firefox.exe
Token: SeDebugPrivilege	4252	firefox.exe
Token: SeDebugPrivilege	4252	firefox.exe

Suspicious use of FindShellTrayWindow 20 IoCs

pid	Process
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe
4252	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 4252	4392	firefox.exe	80
PID 4392 wrote to memory of 4252	4392	firefox.exe	80
PID 4392 wrote to memory of 4252	4392	firefox.exe	80
PID 4392 wrote to memory of 4252	4392	firefox.exe	80
PID 4392 wrote to memory of 4252	4392	firefox.exe	80
PID 4392 wrote to memory of 4252	4392	firefox.exe	80
PID 4392 wrote to memory of 4252	4392	firefox.exe	80
PID 4392 wrote to memory of 4252	4392	firefox.exe	80
PID 4392 wrote to memory of 4252	4392	firefox.exe	80
PID 4392 wrote to memory of 4252	4392	firefox.exe	80
PID 4392 wrote to memory of 4252	4392	firefox.exe	80
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 1012	4252	firefox.exe	81
PID 4252 wrote to memory of 3524	4252	firefox.exe	82
PID 4252 wrote to memory of 3524	4252	firefox.exe	82
PID 4252 wrote to memory of 3524	4252	firefox.exe	82
PID 4252 wrote to memory of 3524	4252	firefox.exe	82
PID 4252 wrote to memory of 3524	4252	firefox.exe	82
PID 4252 wrote to memory of 3524	4252	firefox.exe	82
PID 4252 wrote to memory of 3524	4252	firefox.exe	82
PID 4252 wrote to memory of 3524	4252	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/drive/folders/1AipzhTEl_7Ofj8x69_noRhuqunrHri2Z?usp=drive_link"
1⤵
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/drive/folders/1AipzhTEl_7Ofj8x69_noRhuqunrHri2Z?usp=drive_link
  2⤵
  - Drops desktop.ini file(s)
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2008 -prefsLen 27100 -prefMapHandle 2012 -prefMapSize 270279 -ipcHandle 2080 -initialChannelId {2930cbe9-1720-453d-b0f5-a97c0aabd280} -parentPid 4252 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4252" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:1012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2500 -prefsLen 27136 -prefMapHandle 2504 -prefMapSize 270279 -ipcHandle 2512 -initialChannelId {0b257c07-cb7f-46c8-94aa-2c9bfe6caeed} -parentPid 4252 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4252" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    PID:3524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3748 -prefsLen 25164 -prefMapHandle 3752 -prefMapSize 270279 -jsInitHandle 3756 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3764 -initialChannelId {36f06acf-a489-4053-9541-2199644cf752} -parentPid 4252 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4252" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:4880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3916 -prefsLen 27277 -prefMapHandle 3920 -prefMapSize 270279 -ipcHandle 4004 -initialChannelId {402544d1-033a-4b3d-bef8-efd6ee059035} -parentPid 4252 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4252" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:2320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4504 -prefsLen 34776 -prefMapHandle 4508 -prefMapSize 270279 -jsInitHandle 4512 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2860 -initialChannelId {35225f64-7c94-4482-a1ee-b4d588aa53bc} -parentPid 4252 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4252" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:2252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5168 -prefsLen 35013 -prefMapHandle 5172 -prefMapSize 270279 -ipcHandle 4316 -initialChannelId {3a1048aa-be27-4788-af83-7bfe8fbe46be} -parentPid 4252 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4252" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:2356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3332 -prefsLen 32952 -prefMapHandle 3328 -prefMapSize 270279 -jsInitHandle 3336 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4748 -initialChannelId {d62716f1-4a1d-4f3c-9ff1-5723d4c958c3} -parentPid 4252 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4252" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:4592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5780 -prefsLen 32952 -prefMapHandle 5784 -prefMapSize 270279 -jsInitHandle 5788 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5764 -initialChannelId {58c124f0-5830-4d1e-84e3-301fdf9c9078} -parentPid 4252 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4252" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:1572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5972 -prefsLen 32952 -prefMapHandle 5976 -prefMapSize 270279 -jsInitHandle 5980 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5784 -initialChannelId {af1a5cb8-539d-4c13-af44-1ae997cb78d2} -parentPid 4252 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4252" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:1444

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\6.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
b59e9a04a3773f91c82b2846b22b4ec0

SHA1
0f23ef9359db975334538dabc529697d938ec9f0

SHA256
49d957a9e01a9bd2aee2fe800f2292bb45fa63dce35517c7e640b78dc0fa571b

SHA512
76028559403efd4f98e06cc2efb508db49498e670d58420735b9ddc65052602cce493106932d7c6a5e1b8efe62e1575cf18414986a1e8642b219241140bca2c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9

Filesize
13KB

MD5
1035d5272317d8f24b557d7c4fb3a461

SHA1
d01b2d09ae4cefc7a3f386ea978361e6bece94e4

SHA256
589856507c8c8b2baeeba5ef99275580a18ad982b2daa737631801d0449e8a1e

SHA512
4469ca6501455101af328019768fd698910eef5865cfee7a92f400fb754983ef9f2ba1c252533d465e3cdaf8341f75d2bc2d439ef34958a86d2b76563023732a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
11KB

MD5
25e8156b7f7ca8dad999ee2b93a32b71

SHA1
db587e9e9559b433cee57435cb97a83963659430

SHA256
ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986

SHA512
1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\AlternateServices.bin

Filesize
7KB

MD5
a0ddf4d88611820b1d260d9439229835

SHA1
f973d57013704a95cea0846125ee475aa367b51d

SHA256
35437620bba80cfb99e82ea29bd00426d8972198fbe39b22954729633d6b8f3b

SHA512
24eeba90ec278e7690ef3e9c12b28ea381c34b8619b3ded1f7f1fc26308d6de8090096d854e4ff5aed9a464f0af1c098c8cae1068ad33aab8bc9fb55a6cf2297

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\AlternateServices.bin

Filesize
30KB

MD5
a872357d13d78dd0558316a1f56c51f2

SHA1
5857ffa85631f645dfe485035eeddc8018555f7d

SHA256
58f9560ad578a596636ad9ea6154447040a71821296cdbdf696eb20a6a7da7b3

SHA512
922f1bccbbf876c860d82cad6325ab0dae3872edb5eea1729e6d1cbd70038c441810486bbba8eb875253de0bf5e685b694d29f262a3d71859e72a8602b28cebf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
788da15eb208a106121b3135293d22b8

SHA1
7d57f7fe7f557a49f73d26e950c177cbed6f8217

SHA256
a2b4cff96267bfe7016ce75eaaedce2a5a82b100c821526a28dd32e7c19597e4

SHA512
f5f52a056cb9efc4dfa2d8dca037c00f37a26f02f844dee4df3805b641d366f5c75fa8ab16d04912bd22c44942c87d001ddc086aa280cadb5011060aba272951

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
91f2faa145be8ab963b09200b3ab301f

SHA1
4364696e03d7b4003d3bbdbb597245522947a3c6

SHA256
6ab1f6347360d9eab6139d67555777b79c10790479d4671b439d0b9f9f973c92

SHA512
e577976720dd647b9c2c0681ab50b0e9baf0ca9dceca9bcf904512e868a2bc19ee05349aaeedb5a0e53f4826e1886e837a9c724f7c7a08512c1ab89952e99ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
52acf7985bf850904ea3cf0e0b7b545e

SHA1
b73f274dab2c972a57783f415551b9dd4ff71c92

SHA256
e328a4c993287aa82fbf627d83e5fdeed5e0172b9d062fed2739b5a78aa3ce4a

SHA512
e2f46676f3189df6f058525ca99d574ebeda9dcf11fd305dc2f40a6c26ff1da58de10d3f8947a8ea01847d67f49fa09bf2a0f593672966356a24a665834e9911

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
2f239a3a00a6a4c5501eb54581c29564

SHA1
1791f30deab275f0307094868739ab38dd5ece65

SHA256
bc4affbfba5d9eaf36882607dfb59d71c4bbb82f9747c4792c1de2ae2113fd54

SHA512
4b90e3d12f4d3b44328fd9206c057eb58fa81797a45f13498c9faedf23d2a7eac2600c74325409795613dbdcf4af7a83baadb1862902fd2e89a7a04687f16cf2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\datareporting\glean\pending_pings\17e8139d-e293-4f54-b961-cd8c421361c8

Filesize
883B

MD5
52c9c0355c862c6eac04f9cb2c63e2d2

SHA1
db06a51273318ccdaadb10728072281542c7559f

SHA256
796cc7beb0de6e6326f6847720a74e2cd3b706aac8ed7f72adaa57ebe7765515

SHA512
9d4f435aca31659ec7777fc94feef3869cf77ab52169f2fe6548c7caa23697114aff13fb88584b5b5418651597d5e717d7b196f4229f1ba8c6a2c3470e9e73e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\datareporting\glean\pending_pings\38dce20c-2ea9-425b-8a4b-a716eb78c705

Filesize
16KB

MD5
dbc04dd200546576a8afec0b4104c2d9

SHA1
6ebf8210b8350535f0654416509ff39e36b41c07

SHA256
4d0f390f03613f448aa6bca9e224a47babcceefa08f89b0c87540b76af756285

SHA512
f9fc2266b3b578b37fc19f6826c0e77fe739eeb08f26c588bce937800a22ae253390b47da31515e402eb8c96a3e273a94a287a2ffe6da63aa5502530a4489c30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\datareporting\glean\pending_pings\bbccd0c0-3ced-433b-aba4-f03e12c13267

Filesize
886B

MD5
9580ec4f9e807b5e3b633b16a16c9e86

SHA1
adbbb86d098a9718b76f6b370fff58f84b3cd77a

SHA256
aa3043ded49aac345bf5bd736a539b646b9e81732385b122ea285082e102d01a

SHA512
d4371400bab1b6306703e19bfd9dc3fdb9a754a6f83519d82c28dcfc55d05a7c7f58658f10a41c3b1114acaf8f1e1c73194f33b84ccaa6154f76248391b556c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\datareporting\glean\pending_pings\bdb2f711-aa8e-494c-8e3b-2554d6fd429b

Filesize
235B

MD5
5271feb48a116a8fef10eb64ad1447b7

SHA1
329199f8e18bc968c30a8ace94d0d1f5f8a169b2

SHA256
8d1b8df2dffaea7beadba72abfcb2c8859472ef2fa054c6f46a59f0f4c072027

SHA512
0d72705d56348a29d4e22c9565d8012b1f2b9c8bda9b0dd0cc44ae090bb5b51af70efe782d9855372b1733ef7185255e699da032c66c4fe5e42feea2f9e64f72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\datareporting\glean\pending_pings\e5bd9a62-a010-4eb4-b6da-bdf9e9bb969f

Filesize
2KB

MD5
4a3be145c8e5db0a5cadb717005e226e

SHA1
19b1f0132a2ded0c542131f90da5635cce6dde72

SHA256
de6a3fdac4192227f803a3999f0c634f619baa3709c748572ab43d8d86a3b290

SHA512
abea4c8bfada34c8d2b18ad2991abac827472593837b628e3a6983a27d54b8ad59f9d1ccdfe26e1d1857c644007524eee34b02270b194404aa1bfc5a816c7a68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\datareporting\glean\pending_pings\f24df192-8e2a-4ce7-89cd-65de75783e0d

Filesize
235B

MD5
41049a33d055e30aa92c1e148540b2b0

SHA1
f6d089e5c6191cb3253d142fd042aefa12779e0c

SHA256
24994d7fb138428e3957db0d04d72b2cbaca964d5c976a5058bfbb5bc5c780bb

SHA512
f6fa0e36fee65d800e86ddf24968c47f4d927a9b6f020d0fb2bbcdb0578d58eba70028b1bbce6d78f6ccc858b6515f5bc3484268a771b81c92d5ceb2b9699b97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\extensions.json

Filesize
16KB

MD5
54faef0cc029ddb1c9072ea252388cda

SHA1
5dc04b49a5060178aa782680a220865e5825f7df

SHA256
a80b5b3700f1acb4ff3785b659a2da83265c81ea73469aee0880dbe90edc7672

SHA512
f51b7bace0a9f17d862950d495a4fe94808230291a71be9b249982cf44fb814ed5f6ddd365fe3bdaeca8b60c30e3841fcc7f0dc01b113a1ac1213a796bc12e3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\prefs-1.js

Filesize
7KB

MD5
d1db809d14aab53db40a99a57f4ecd0d

SHA1
5281b1af108238e333faed383fc6b34167a269ff

SHA256
ac5e0fff241525e92793d9205e27f81830bceaeb52eeda7d977bafcf0e7fa406

SHA512
1fb9284aa3602478a3b19d80827c4262efba8794b467061e358b5289de03da818c0a396adde1cf0f803e694a40a48bc9d274be98191e7828aa26857be6b8f883

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\prefs.js

Filesize
6KB

MD5
7167c7f7250e324a25c3550ac7df4e49

SHA1
aaecab8ee11c7475c76d3b26f6076635a669bf3f

SHA256
f9ee2476d7c76a05a948f96c8e8786273a519081514f01272c4bb0cac2e0f8b3

SHA512
6552da9a13171d0cf4b48f3fefb7139ce30f000f2f54bd0caf7d83100185d5e29f9852383e2836f1bbafe06d36c9a740edf8555ebc4b81e7dc87efab5f4d4ff9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\prefs.js

Filesize
6KB

MD5
de67934a514936a25bd3046b406aa435

SHA1
962a511718298ea8bde8a12fa91b9811759609c8

SHA256
10e29192685922840b0ba615b2ffb38ee8fdc3866f637313f2c3473e8dc84228

SHA512
2d3a1533f85f83273f48436c2a42729419760d2edced3210c95486d593a3228dac17401b67857dc3a64119f2b706525b56264e3ed4b80eb275a0faa6f348826c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\sessionstore-backups\recovery.baklz4

Filesize
23KB

MD5
767ff1de481bbe366d3b185ee4e60809

SHA1
6d0c1996eae468c07ef9895315dad22e0ba005db

SHA256
8ed111eb4a9a5acb155a05f73d96f9956be55e79bd9ca677ba6f1cea3c97923a

SHA512
44d11e4f106753fb5651f6a87319d7fdab9d558b5c74b48f4e7196205c05f69b62fd75c04ef9f211931313400dc96ebf3a8d0567534decedc0af4c3f2f0617a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
8e5c07140b86eaa9a216158bd3e5c475

SHA1
2ff907280438db8acb437641c40c2ca85c64757f

SHA256
fcabc93166da644d74830aeafcd6d8fd5565a2437386cd117899c731fbcda4b8

SHA512
8dcafcbda1fb32e86600223e6a87ec145541efc6edb1d65dd96a4723e4086fa6b74865bce7a8b470b3e42f980a3cba5f0853cfea21c7428e19b6ec3c1a92b25b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\sessionstore-backups\recovery.baklz4

Filesize
23KB

MD5
4cb984f39aa521cd4ed3d567b8240b54

SHA1
71007c6b41ec0e7131334a837334adaec6b284cc

SHA256
8648f5644fc972d2f7c77338eca9c1a389225c24ccbae7aaf565e5f2c0e2a6e9

SHA512
1404a634b2a7c80160ff70bcec0e968700dd30ad72041f53862f85a034296c651f2e68514c4af3d18f42dbd6465d98f3abe184893fa858624bff945d7a47f6c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yl5uz7ru.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
23KB

MD5
0c764c27482a418248b2bb8df68fcb40

SHA1
3a501e373e4de6221dfe4e2f7acffd867c252b34

SHA256
81e86070be8ca205278c4d82ec50f0a0bc53f9e92f6fa27b3d3b9e1c99ef285d

SHA512
c53094ce9da69e5a56066176e841baca2f11885418f7f29c06955a8000f69b2200415508bcc7b1bd9b310b192f3b2c4fd412bd410c3cf93862a5a887acde9b23

Download Submit