99624ea84eeacb3716d737c9a62e1c3bd9cf5e209f5697cf9ec036abc5b248e7

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
07/08/2024, 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ytsaver.exe
Size

3.1MB
MD5

28d112f6f35ecf8ef65b56a7c24dada7
SHA1

e0d1016dbca837c9c933f9d00dc579146d21bca9
SHA256

99624ea84eeacb3716d737c9a62e1c3bd9cf5e209f5697cf9ec036abc5b248e7
SHA512

b4dd337b9ee26ced8e41207fc4fc84340d65dc9e1777ae951ba223b2f30d2b330d48374e6685f8df7b76b32d57f83571ac2912c119df712d4ee08609f8792b10
SSDEEP

98304:f5he7IdCb40s58A9QmAJPZoW3D12oRRYIa2KS+bnjGgH25leG9vCtI/t:f5hQmed3RDeGhCu/t

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ytsaver.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2468	firefox.exe
Token: SeDebugPrivilege	2468	firefox.exe
Token: SeDebugPrivilege	2468	firefox.exe
Token: SeDebugPrivilege	2468	firefox.exe
Token: SeDebugPrivilege	2468	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe
2468	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3472	MiniSearchHost.exe
2468	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 484 wrote to memory of 2468	484	firefox.exe	87
PID 484 wrote to memory of 2468	484	firefox.exe	87
PID 484 wrote to memory of 2468	484	firefox.exe	87
PID 484 wrote to memory of 2468	484	firefox.exe	87
PID 484 wrote to memory of 2468	484	firefox.exe	87
PID 484 wrote to memory of 2468	484	firefox.exe	87
PID 484 wrote to memory of 2468	484	firefox.exe	87
PID 484 wrote to memory of 2468	484	firefox.exe	87
PID 484 wrote to memory of 2468	484	firefox.exe	87
PID 484 wrote to memory of 2468	484	firefox.exe	87
PID 484 wrote to memory of 2468	484	firefox.exe	87
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1776	2468	firefox.exe	88
PID 2468 wrote to memory of 1108	2468	firefox.exe	89
PID 2468 wrote to memory of 1108	2468	firefox.exe	89
PID 2468 wrote to memory of 1108	2468	firefox.exe	89
PID 2468 wrote to memory of 1108	2468	firefox.exe	89
PID 2468 wrote to memory of 1108	2468	firefox.exe	89
PID 2468 wrote to memory of 1108	2468	firefox.exe	89
PID 2468 wrote to memory of 1108	2468	firefox.exe	89
PID 2468 wrote to memory of 1108	2468	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\ytsaver.exe
"C:\Users\Admin\AppData\Local\Temp\ytsaver.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3852

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:484
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1884 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fbfe9f6-433e-4595-aa95-16873cf52a6b} 2468 "\\.\pipe\gecko-crash-server-pipe.2468" gpu
    3⤵
    PID:1776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8a8d713-31d3-4cac-bb43-6d6b2e6942e9} 2468 "\\.\pipe\gecko-crash-server-pipe.2468" socket
    3⤵
    PID:1108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3368 -childID 1 -isForBrowser -prefsHandle 3360 -prefMapHandle 3144 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97130399-8546-414c-9ace-c016f3e7f3e9} 2468 "\\.\pipe\gecko-crash-server-pipe.2468" tab
    3⤵
    PID:340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2612 -childID 2 -isForBrowser -prefsHandle 2868 -prefMapHandle 3628 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48a042b8-5770-49a0-b426-b8aab9a57239} 2468 "\\.\pipe\gecko-crash-server-pipe.2468" tab
    3⤵
    PID:2980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2520 -prefMapHandle 4608 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc5ce93c-b9c5-49d6-813b-0db8f2fdfc7a} 2468 "\\.\pipe\gecko-crash-server-pipe.2468" utility
    3⤵
    - Checks processor information in registry
    PID:408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 3 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06876518-6edc-4921-9cfe-5167b73f17a5} 2468 "\\.\pipe\gecko-crash-server-pipe.2468" tab
    3⤵
    PID:5516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 4 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d21a4ea-04e7-4aa0-8d0c-97486aa898b0} 2468 "\\.\pipe\gecko-crash-server-pipe.2468" tab
    3⤵
    PID:5524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 5 -isForBrowser -prefsHandle 5752 -prefMapHandle 5748 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc79365b-9e3d-4ddc-8f9b-0228ac677b40} 2468 "\\.\pipe\gecko-crash-server-pipe.2468" tab
    3⤵
    PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5980 -childID 6 -isForBrowser -prefsHandle 5364 -prefMapHandle 5692 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be3b5371-8182-4be9-99c0-097fba3627fc} 2468 "\\.\pipe\gecko-crash-server-pipe.2468" tab
    3⤵
    PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
c2f08eb6df317ce4fac167413443453e

SHA1
fbe43cbe53d13cc2bec285bc066216819951838e

SHA256
0762dd2fe6053eba0b236a44c82f05a087bb40d24c31a8e94d915c2e6782c2e7

SHA512
b8f606739e08ebae458c4087a842142a2b5fd65679c92dadeaefbdf38372905d727f31a1679e8766a1ebe639bbb618dc9a8a5735f9d730696c96d5a5a259dc2b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
d12e797f18cb79137ad12b5e5139e1b8

SHA1
f15fb437b1be86b714e278ce927b315fa0e16ea3

SHA256
afb0f4a0229174f8118ab512b569fdb9eb3ebb0389cb11c9f4a0a2aa88ec258b

SHA512
f6e8f99bcd0ecff7683c8e56fa2ffa3fdff16d6c17a2066b36bc3d78e2838130b5b23059a239b29a7ebdd0b5ca36b3f9cf388945bf1aad50a3f91cb8091223cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp123_downloader\Cache\e579105\config.ini

Filesize
1KB

MD5
49ac4067f1db55715fba918151deb1f0

SHA1
7b36b6a94915403778b5f731cde12af1132845d3

SHA256
a36705c29b0a20b69f8a5107e9a5ee446e07242d2096ee11d1dfa03fa1688a83

SHA512
500d7ea303fa77b637477b6902521bf0a8966f184d1efafc71c70acf8275e1ba73b292fa5e1fdac0857d7da08c97e0b76d4e279e081adf32bb8d28f4e505513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp123_downloader\Cache\e579105\language\en.ini

Filesize
3KB

MD5
392d79d1a07352c235097e6a174b05dc

SHA1
691482d03708a19f7e9af07f0f143d78bb93a46d

SHA256
b37d70ea7bda94052bd16375a3c3cf0226435df0c569690e0c1736ce160c40a2

SHA512
41ecfa850c4afdf31c9cc5eb215692bfb74d38332f9ea64a98cbf7309e29bd0484a27a5826b804c4254d38efbb1b4e0c309545ee60c99ec6f50251bf871de98b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp123_downloader\Cache\e579105\language\language.ini

Filesize
2KB

MD5
9e1b2b68bd6c0659e369208bf05e0a7e

SHA1
ab719e8bf467aec590c6d0f7b1ce25f9d9432b58

SHA256
54ba6c41e4325fa82d9faee282177b760458f11650a38b307d392142d4dcbf37

SHA512
ef3e12a9857c2351b69408c2608721a9425f7962e9c07fde0a8038dfe6139d849a858273f8aa80499c0752222631c672ac71bd7c3c9a401542c5ba0c9ff01516

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\AlternateServices.bin

Filesize
8KB

MD5
2352293309cae22a689baf32700faae3

SHA1
ffb58a18caf4401285ebb1f9f129f5dab6c7cc95

SHA256
302a7aabaa854add28d3a2bdb90ea27dee9ae65c18a46bd3b5b20cff81de1e6b

SHA512
a761ae8bf08b642e91c41cbd6dae417c9709b1d85ce49f1aaa5eedfe8b8a8db341797be40e10cb5ed3fa5ad2b0b690dfd0967f87b5c5956179f52e6aa5c166c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
05f275e11b3ff1a53aec80b497edd9cd

SHA1
e7eda7b126f5bfab9dfc560033784ed4aa5a0bce

SHA256
f58faa72510565cac1b742a6b27181c908d889063c7c9bdadd75414dd12b6eeb

SHA512
941b7e6e46299c7521333feda3cf98a85342af45592a5c540a37a100d3d51e2211b84aeda8a47db8377403faa4cfae8bd0b51ca780fd1cfea6272b539c097226

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
683d0e850c76f6842230886a727ca1e9

SHA1
094e8af927dfcacaf04a7aa6e0999b4b6910ba2e

SHA256
1d1ed6f556ce52b01b057284b728dadca2ce734c66e19adfdb31ddb488315e03

SHA512
42f60ae87f319e23fdff8117d1b88bec064f084d9dac6ad66e0fe10de6516e2da49264b2ffb8eb2457d166fa9f1da555185106811bbf21631e49799fb5a2956b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
fa01c6ddc15ddc50748c482f891b1942

SHA1
4a36160d1be39dcaa0bb726e86468abf3e84a5da

SHA256
c626c7036bd2681eb2e7dc98449819595ec49782633c4d73050ae9430fe853d7

SHA512
68268eb0e19fce74e7a027997ffc33180fe699e7be6b77280d5cd7036efb489f7e2d121ab1a456afeb43bb0dec87274a7b4a1c9ea7bc84fd51dd9e54975fc2ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\94c7c885-a941-4b89-b20c-4ba3ae324f3d

Filesize
982B

MD5
e2c795a05356091a6f398293fd8ec945

SHA1
79780c544d03668abcdbefa91b3afc6730149352

SHA256
cdc73c87f1a7e5121ccc5a514bbfa5907515f61010ed4675b0f68ffab0ed7b79

SHA512
4c3b3047416b57b0aa827590341d62ab29bd25338ff33e0741765b309e0e72e8cdc68fac9bfaa5fccbcd36d96eec5f7d937368eac7d1780d863de7154beae144

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\dd186a4f-4fa6-403b-81e6-4196d93f3def

Filesize
671B

MD5
5a075310c398da027c57cc84d504ab82

SHA1
eb1446eecd7c18cec44e6639e69620199f22c228

SHA256
c41cb89e658d5379f09e19ac44dd82c7ee96edc3f052fd1a2aade8cbf7764cf3

SHA512
367a79fc10e77b59f861f435d516b19f6b6d987130d155707e4d6bd2d69528b674e02957a987db6396e450f4274ee69bd861a180b76c635cbc459ed2e97863eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\e6de30be-561f-4898-a105-bda2b36bfd4d

Filesize
25KB

MD5
6fcca3f332db44ab2ef587154f615ea3

SHA1
087c4cea728457c5b98920489b444bfca6216a68

SHA256
3984ebbfb3ef238fa47f2a7fa493d9e6c8b4c5293eff4a1896afe825373578fd

SHA512
0ff7b8979d8f9903ec3005de704ab1f46a31e494f6402e686189760a3406ced3604be3f1ca23ce1a0bf4d90521ad39b4244e280b25e30f21136bccccd14a8a13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js

Filesize
11KB

MD5
c3e09b843b5cdaa0780aba9f80af209c

SHA1
0ee6d26ef666662d1d3cd236f0a970bd203ed307

SHA256
d4e95c6ccdc7f2c950fa977ca0e9c2e49deefc972cc6e80ad9aa47df3282e927

SHA512
0e6889166d0940c0e1327ca0e0d152bd578b642a3695d83c1b75b2028220498b5e450a3cef0fbcb20551dc1605dfe270caf42ee7f472614c566113647bd8e645

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js

Filesize
11KB

MD5
5a5bc8ea5e70d41358880d70b28c80b4

SHA1
85892fbb84361bab0f381a07166fff09f817aa60

SHA256
385c12b7f8467d1a70b58d018e124ad0af4516bea24976627b456b13151c92a3

SHA512
145030fe86621129c36e059a357171cf3fd1438b995f613b538ee0a4b9dad983da8c02187866b75bf30bfeb73b4f496aea3f4d975aa81f718bafe57f4197da2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs.js

Filesize
10KB

MD5
fab69d2ae048866de3ab30bc25c56a0d

SHA1
b200a542a17f80faed1bdbc6803e599d5675785c

SHA256
0bc1e46b6d6cd90423fd3b78c029078b580de38b6d018c96bff53a5225106689

SHA512
6235f61ca11a6c89cd185dcc8834b152d0bd7ef40b48fb08e993d2e4d0b09dd2f86f1c4a55cf79b942e3726e526317819874ab60fcb02b73583a52568c33a0a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
226f030c466de751cbef0d8869b106f8

SHA1
20a815e75965531d3cc7d1979c6c0820f2577a61

SHA256
2042d2d2229a49edbfa8b0758ec165ad4c0166e54bda095e599ca659eb968f11

SHA512
5bde6be1aa5789d6dee9c1e8f82f23a72dd7f6b886987249a1d9154d82f25cb9ca93ac06a0010edf99c389a134bbdacf19a0adba6917103288629deab390c237

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
f1f6b7e9145670e66bc4856825c9c3e9

SHA1
f7e54e2343e72debce840772bfbd29f7ecd77f0f

SHA256
669de3c1fd84e89e7ee921b33ae451e47894bdf0baeaa7effe032fed23b4f58f

SHA512
f41f17299eea3c896adb29f0500c9c48b0de0c64df22331de660beb8d6411e1907b962b8d1b3e662538d4ae344b2e1a792a0eb5127e11cd297373ba689a6fd35

Download Submit