270b705a40b38118ad7a38ddef18778ede975c9d120551851848dde2f1a9e6d1

Analysis

max time kernel
139s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 19:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

download_repair.js
Size

32KB
MD5

aad090f093dc77d38d64e5630653f613
SHA1

cc1ffce134574faf02b608fcca331d85e18a1ee0
SHA256

270b705a40b38118ad7a38ddef18778ede975c9d120551851848dde2f1a9e6d1
SHA512

9d30c34ca94fc344f66ff922f1a9ea6cb88dd0d2e98583da78412b0cb163b7f4f6d398da552bb06259038affcc1d9ef0a0776b017ca8f09701a55d727e4cd252
SSDEEP

768:k5RHm8CS1rjuzqBSrAwouaKOnbK6KwIuAvIBOhqD:k5RHm8CyrjoqBrwouEbjFI2BOcD

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3552	firefox.exe
Token: SeDebugPrivilege	3552	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3552	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 3552	5072	firefox.exe	97
PID 5072 wrote to memory of 3552	5072	firefox.exe	97
PID 5072 wrote to memory of 3552	5072	firefox.exe	97
PID 5072 wrote to memory of 3552	5072	firefox.exe	97
PID 5072 wrote to memory of 3552	5072	firefox.exe	97
PID 5072 wrote to memory of 3552	5072	firefox.exe	97
PID 5072 wrote to memory of 3552	5072	firefox.exe	97
PID 5072 wrote to memory of 3552	5072	firefox.exe	97
PID 5072 wrote to memory of 3552	5072	firefox.exe	97
PID 5072 wrote to memory of 3552	5072	firefox.exe	97
PID 5072 wrote to memory of 3552	5072	firefox.exe	97
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 4548	3552	firefox.exe	98
PID 3552 wrote to memory of 3188	3552	firefox.exe	99
PID 3552 wrote to memory of 3188	3552	firefox.exe	99
PID 3552 wrote to memory of 3188	3552	firefox.exe	99
PID 3552 wrote to memory of 3188	3552	firefox.exe	99
PID 3552 wrote to memory of 3188	3552	firefox.exe	99
PID 3552 wrote to memory of 3188	3552	firefox.exe	99
PID 3552 wrote to memory of 3188	3552	firefox.exe	99
PID 3552 wrote to memory of 3188	3552	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\download_repair.js
1⤵
PID:4604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6488144-b3c4-4183-9f71-98486925756a} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" gpu
    3⤵
    PID:4548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2376 -prefsLen 25493 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d0d0748-74af-4904-8dd3-075abb026c1c} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" socket
    3⤵
    - Checks processor information in registry
    PID:3188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3356 -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 3388 -prefsLen 25634 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2a9416b-fe03-40fc-bb96-5ab51d296a36} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" tab
    3⤵
    PID:1676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3408 -childID 2 -isForBrowser -prefsHandle 3800 -prefMapHandle 3796 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90864150-d28c-4048-ae38-f5b8dc06cfa4} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" tab
    3⤵
    PID:1552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4860 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86a0ac90-afd3-453a-9242-bb33a68cba39} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" utility
    3⤵
    - Checks processor information in registry
    PID:5440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 3 -isForBrowser -prefsHandle 5484 -prefMapHandle 5488 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b97ef67-3bf0-4480-96b5-7eda3a759037} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" tab
    3⤵
    PID:5972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5320 -childID 4 -isForBrowser -prefsHandle 5768 -prefMapHandle 5764 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {430623a7-1a6c-4e23-802d-9c97638beb62} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" tab
    3⤵
    PID:5996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5908 -childID 5 -isForBrowser -prefsHandle 5400 -prefMapHandle 5412 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52ef3a5e-169c-4fdb-87cb-928907422aa7} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" tab
    3⤵
    PID:6008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6176 -childID 6 -isForBrowser -prefsHandle 6168 -prefMapHandle 6164 -prefsLen 27823 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3c20780-d500-4b34-aaaf-b1f5207d13cf} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" tab
    3⤵
    PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k6zex9vv.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
3fb19aceb114b74f80e047fc381b0098

SHA1
c9ba7b7ea6bf02af22b6228e7b138449ab02173d

SHA256
910e8597ce313f38cf288257515d322ff09225b5d4cb399b2dff35ec9b388fef

SHA512
9a5be7e78bebddb3bc8936db63befd67554d4b1ff1d484a7bb00e91141717732472512378100e4e3c62611749fc122b38f4739552a26abddeef76fc35ed58ce3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k6zex9vv.default-release\cache2\entries\8889BDA353177B2CBE445A1C3B1F487FCD52CE10

Filesize
210KB

MD5
ad6804dcf66ee11e33548cbd2f3bf4b4

SHA1
8e8a7b9f4039bf762634ff3f3b9256bdf7756ffd

SHA256
68bc20fe8eafa6d2304007121f17419de52b13d88b948a7621b1bcc208b1b483

SHA512
9046cbefaa55b4f26239630deed0fc82e2bd9a36ac3fa731960db6ebe5fb0e8dcb2340b946c4915a871d083a3a39d34288ec6317b55c14344658bb9ae67c1e9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\AlternateServices.bin

Filesize
6KB

MD5
9e4df59a299cf4ec8b0d048750434fc7

SHA1
f0d5eff4a25d8d1bfcf6d41815b3de478584ab4c

SHA256
ae22fac4c507c91e7b73f782c8546c29075dc58c20171062428d56a4cba45ade

SHA512
6e26e4c49dcbf10febb873307f23d55d059642c3bf45c4fb9f9725eada99c674ffddf9988ec8f4fc6ebe15f606edfb91c52caa5f797edf93ba23f1583c91dc57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
734e47b4f33952fde4a986c385037dcd

SHA1
76de37f6d6db090a5c1c9d346f80184d13573c92

SHA256
c0b027482656cede62b56f3a423ec4f2535fcaa28bf7395513eb4d6c45e026f9

SHA512
4ac3e57b7a27e3844512063a170877eaedc27d4637cb3419e6a05289db1e1c316a3af7cb1b23a7ab8598250f323fa3c988b2519124e0e0688a4a1a15b8ecf504

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
a78abd6f31bdf2b25765aaa6565809e4

SHA1
7eacd4f77436b3e621a13eb66ec966019e43b770

SHA256
17565077fe3f941e27bc2640758c6eb0121d9de61a2d49b156966bb95fa2b417

SHA512
c9fef71019d109a258f4ee123d728c66a05ac19062addb8451e2264eb8eae402e8c9dbdbdbdfce5f23f4ef7b65ec0a63c83fa8823c3f5bede6f7adf5a6d0e0e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f413bf7b2c2baded45bec0d389fbcd39

SHA1
28bebf2eb1e68a4a789fa354f6146c89b15577d1

SHA256
30cb76d2c7cab7c58759b35fc9b8b784e7f44bd281a3196dbf9d6782b6f427f1

SHA512
e82f971eec4f2242f2db0060e7e1fd79f3f0a99144904145003f9c1f981e1ec921ef05a5b32338218e130c2e0ff9d4fbb5271c7470b20bbaa49a27b07432e310

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
5ee0662b8d47097be16db70fa886c2e9

SHA1
71af6c0501f3775bf9805b4fc8770ea001b8cf53

SHA256
cd489abba6f095844b30bc4183f5c231bb62dabb9ab6c9e8caa165852b0849e7

SHA512
f84978ee7b3f0ed2301f8688a007369c3beb3a62dde301c1b36aa8c6b45ab841ca4f2d6590e3b34c52f793de529436db1cf422359ccaae68da9cbb3c966385e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
215fd367a459905c532ee12659cc9431

SHA1
497784f190c8b68b0664914ff68b87068c20f9f7

SHA256
cccea332b10f50c686c97849b669fef77ba6c77b3d29b022f8713b9350de6314

SHA512
eb8102e46f378382660e5b8b6d277d5df3cfdb85726aa9f441f13696317eef94d3754e77fed02e57411339c45a522f8f5c237989f7f34ccdf21fc36682b7d0cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\pending_pings\1bd64b89-fe27-4c54-9745-613e173e03ab

Filesize
671B

MD5
1fe49af43f7c96913ee5bcffcfcce668

SHA1
e6ad62a3f4322027963052e885a0ef23eacaa11e

SHA256
17c4bc498e9fc80bfa9939a336ce72f64d2297478f7cdda18c2ce71e46bdb4f9

SHA512
71c4fefaa2646517c11eb156cbf66cc921633fb81c152c7ff5d8912b48b04b0c2e3abb64432c8876e9775df6c7dfac1813ecd8ec8177b5bb4cb4de383db255d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\pending_pings\7af94c6c-d3ce-4eba-b812-d9e4a1337cd7

Filesize
4KB

MD5
7c82b2b1a9ce6ea99ba39e9ca3b01bbd

SHA1
3dca4a937d339496d4f3cbb10ccb221bd73f74fa

SHA256
023df8c87bcd4e2b4d04f8b172d1904ff70f71193654ebb8bced25fbf1087de1

SHA512
10550098c576a9faa658ad67762610377e2c79dd287200a268c55da4441eb24d0f190234c5bdebfb475a18f22fb20f5390d0801a0983256a377bc5c9dcad3a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\pending_pings\95e8ac7e-d3b4-4963-b759-fa89ff2a2b79

Filesize
982B

MD5
f2b747c022c78b21abed02db6126ba35

SHA1
769dab86d9174d517a5a244649d17b8837785c08

SHA256
e93b9ec91339f2e26e65eea65406824c366eaa753a1694929289e99212bdf446

SHA512
ee692ee26e2a71bf68638e42444c7e9d9944f96ae1583b1b1a7e4413ead2bd6d23635b32d53ea94534bd1bf04d60ec11999842b8bde0f48e6acd2226a3ed0068

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\pending_pings\d0f15c3f-50f7-4d78-9233-5f968e50b118

Filesize
25KB

MD5
0aced9c6919fe0f817f99ca55ccb5574

SHA1
bf317b9e50a9ea8bbb603dcefad31d1fd441ba57

SHA256
fd644f1c4c52a210021de4ac9bc1b81fb06976f015ee371a13d1d178d707fce0

SHA512
0398dd59f75f065aa5714d371203c9ef99f8f55611beb8f7f2292e417fc4810ae92072facf25bd34212892d1a072c8aad681b43e236867328bd71b0d7e240478

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\prefs-1.js

Filesize
8KB

MD5
1756cf726842cb6f0c176b7ff25ec10e

SHA1
76390914cea86c01c991a9fbd39ba9d050917a66

SHA256
83a13563c1f27843f28e1944748f6b888f4e6f20c7a13643606b6bf0efc8101f

SHA512
ee81a3fa332922eba737e2a030e7e830c558d2f53822304780839e043d19142b889a0172645127b9281a13c83cd5d2ba044d9857103f94d8065a2e9b4e27eae0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\prefs-1.js

Filesize
8KB

MD5
68f5d44c6bac0c4e51bc64665cc02b2a

SHA1
53974cf3cf56beb7855581ce73670dc5e390290e

SHA256
974aabd880803774fc6b43ce1a4d66945c7e73b0b5a9289f6c18e674cacbb609

SHA512
6676e57512138e2e7750890fbc66e0592fcbbdaa1dcaf26c88b10252cfb42f6fb896334c8a7008e894d2cfa1c5a53499a245f6b1bb44a8594137a2a4f58a7eba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\prefs.js

Filesize
8KB

MD5
468d42d77e790e1f0623234a4114397f

SHA1
05101be4c416ddfd4c27539c682b401aad12b582

SHA256
1c21dbc782b9b34ef1b6c07f01425a0ea38fae8e3ba74325dc0aa12303bebf0b

SHA512
f28c09d55adc7b16fc3094b4dea24778a951d2323ba28d3798e52129b7b373f72695b41e3470ac38d8f218a2b606e99829ef3c08185869510fd3f41f11561f60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
d2ecf9e124788e789bd07a541627ac93

SHA1
d9073520dede7610340ce0ca72ba2dc98af94431

SHA256
456c3f043be45c85cb53d5bd339f1ad614346da069155c318c095d2918fcd87b

SHA512
622ba3e8a9b3123b5ec837fee52eec61bc06ca7eda162f7a0244ca6e85968970e3ec64cef474f26ea2e367beda89749bc93b7e7af024e8c507b463ecd225db80

Download Submit