7eb4dd740d65e70b9ebd7ad519e4114542ddb2f98f6891ea5bd0e4568c9db809

Analysis

max time kernel
1621s
max time network
1611s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10-08-2024 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nouveau dossier/tkt.py
Size

120B
MD5

3f1e74a5ca282c1d80783f7699c25c44
SHA1

7b0ff72e72bf14af2b9d7f3245e8364ed7aa2407
SHA256

606705ca6fc48f162242749b9de521668dafc74caaf2d04b74a2b097f23f25ad
SHA512

6fa22faedb0567f5a3c7488ce7c3b0c3e116f31646336795d17d7a6600c34d4ec05d6ccdc226e12844f63dd17520b77a59134d67783fa4d3844d6942b7536ad0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
756	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4864	firefox.exe
Token: SeDebugPrivilege	4864	firefox.exe
Token: SeDebugPrivilege	4864	firefox.exe
Token: SeDebugPrivilege	4864	firefox.exe
Token: SeDebugPrivilege	4864	firefox.exe
Token: SeDebugPrivilege	4864	firefox.exe
Token: SeDebugPrivilege	4864	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4864	firefox.exe
4864	firefox.exe
4864	firefox.exe
4864	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4864	firefox.exe
4864	firefox.exe
4864	firefox.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
4864	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 4864	4124	firefox.exe	76
PID 4124 wrote to memory of 4864	4124	firefox.exe	76
PID 4124 wrote to memory of 4864	4124	firefox.exe	76
PID 4124 wrote to memory of 4864	4124	firefox.exe	76
PID 4124 wrote to memory of 4864	4124	firefox.exe	76
PID 4124 wrote to memory of 4864	4124	firefox.exe	76
PID 4124 wrote to memory of 4864	4124	firefox.exe	76
PID 4124 wrote to memory of 4864	4124	firefox.exe	76
PID 4124 wrote to memory of 4864	4124	firefox.exe	76
PID 4124 wrote to memory of 4864	4124	firefox.exe	76
PID 4124 wrote to memory of 4864	4124	firefox.exe	76
PID 4864 wrote to memory of 768	4864	firefox.exe	77
PID 4864 wrote to memory of 768	4864	firefox.exe	77
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 2136	4864	firefox.exe	78
PID 4864 wrote to memory of 1244	4864	firefox.exe	79
PID 4864 wrote to memory of 1244	4864	firefox.exe	79
PID 4864 wrote to memory of 1244	4864	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Nouveau dossier\tkt.py"
1⤵
- Modifies registry class
PID:2088

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4864.0.542294170\579099964" -parentBuildID 20221007134813 -prefsHandle 1744 -prefMapHandle 1732 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f37cbf7-52f5-49c6-9188-b98faf3b9a61} 4864 "\\.\pipe\gecko-crash-server-pipe.4864" 1828 1ff910d6458 gpu
    3⤵
    PID:768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4864.1.597620792\507080252" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {868e8774-e4eb-48e2-a282-d1ec90fa998f} 4864 "\\.\pipe\gecko-crash-server-pipe.4864" 2168 1ff90c3fd58 socket
    3⤵
    PID:2136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4864.2.1141460789\1311699090" -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 2792 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e2c18e9-6169-4b5b-8af5-0311ce4e5105} 4864 "\\.\pipe\gecko-crash-server-pipe.4864" 2708 1ff95398158 tab
    3⤵
    PID:1244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4864.3.830125552\1325741379" -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3228 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7498561f-fa7c-4a50-9bc1-60b9baa16bd0} 4864 "\\.\pipe\gecko-crash-server-pipe.4864" 3496 1ff96257458 tab
    3⤵
    PID:236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4864.4.844578511\1724286203" -childID 3 -isForBrowser -prefsHandle 4280 -prefMapHandle 4304 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fea2af59-f00d-422e-9ab5-bd4b5abf7a39} 4864 "\\.\pipe\gecko-crash-server-pipe.4864" 3680 1ff96355f58 tab
    3⤵
    PID:2756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4864.5.335030610\1309799633" -childID 4 -isForBrowser -prefsHandle 4816 -prefMapHandle 4760 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8b6448e-e340-498e-bff0-393fc8f79c44} 4864 "\\.\pipe\gecko-crash-server-pipe.4864" 4808 1ff96353558 tab
    3⤵
    PID:3156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4864.6.154845409\2019790821" -childID 5 -isForBrowser -prefsHandle 4972 -prefMapHandle 4976 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6835bc8-ee13-485c-842e-76b27f51f34a} 4864 "\\.\pipe\gecko-crash-server-pipe.4864" 4964 1ff97828e58 tab
    3⤵
    PID:3572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4864.7.2125837135\21735651" -childID 6 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21277329-bdb2-49d6-91a4-6eb6ae622f31} 4864 "\\.\pipe\gecko-crash-server-pipe.4864" 5160 1ff97f8c858 tab
    3⤵
    PID:1916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4864.8.1407703825\373931660" -childID 7 -isForBrowser -prefsHandle 5732 -prefMapHandle 5740 -prefsLen 29218 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c430154-ea19-4925-9388-8af705171e96} 4864 "\\.\pipe\gecko-crash-server-pipe.4864" 5724 1ff9cf6d758 tab
    3⤵
    PID:2736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4864.9.298238693\1340779738" -childID 8 -isForBrowser -prefsHandle 4932 -prefMapHandle 4928 -prefsLen 29737 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe23d7db-da2b-4f0b-8da6-776660d0c885} 4864 "\\.\pipe\gecko-crash-server-pipe.4864" 4920 1ff9bed2f58 tab
    3⤵
    PID:4388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\13934

Filesize
9KB

MD5
e03633a03b8cd2c19566660a780028b9

SHA1
da4e0728b0e0766bd859920bcf1ec75192f234f3

SHA256
ed7c8ef08946513277e4f8d45adac4f65773cc3d609e5f07559af0b1e24c8fcd

SHA512
3d22bae7ebd350be19b424f42e1b249339031c22f3ba09a65524da1586c94c033c00127eb90a3153e7dba734651402a708e2fa03b1a4410f58e3170e0f32d373

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\3610

Filesize
15KB

MD5
b37abebc63f1ea569fcaf9b8ca97954b

SHA1
94ac52ca8216c4a1ff516b0d7b8c7c7891fe1593

SHA256
4b5782ec847e8de25fac20e8c8d7877e05d98b1f162a502b954b01998123cd8b

SHA512
b6afa4be68174b75a8e76ce86c54dd814c44a844f04efc251990eced76d15977ca02122ecef73fe5a0333c2e7c052f348e599178dc922016b36f4847f002e8ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\8262

Filesize
15KB

MD5
53270f11bd63764e47e15232b4d3df2c

SHA1
86d04cfe227e13f2a2a45576b70069a9c2c60a33

SHA256
242e7cc55521fa888a0a9f1b6e20e3873f0f69da22ea8feb24f512dd0ac68c35

SHA512
760ee0fb4363ddd81a590885fe758e27b4b7bc80db6009f14d1d331a933bc642912aba37d91f25c8f3970c1e85e03b0dda93f172709c3faf89dce02ffef021e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\76E7147E90F950CD5C9FEF108FF5987AED18E9F2

Filesize
60KB

MD5
d5351eda066525f4d8c187e89239351b

SHA1
b059668aa9888cc3cf4ab4cb9357b86ee82754e9

SHA256
7796e68db74b1d2845804c7b2738fcf089fd20e75be981c259965cebba0626e6

SHA512
c553ed39396aad182aa906d025054a9928711e2982d8a330a53f715fafd9da8efac141c05627e84d5f4231025f375c8984d9721a1d955f981655129408f381a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D51AF647E4D4CAC1114F86C66307284ADE3F1FA0

Filesize
219KB

MD5
7352b2cf94daceb4fa6111080a02ca53

SHA1
6989358b65ee3ba7b329b9e49e70185e1272b080

SHA256
da424c61334a3809c406edb1f23c990abcd7b17b6cafff4f37becfa4a17999ca

SHA512
9e09cfc77c036f07992644f81bc3090a4938045fd60fbc11cb2b9bd8bef5b845656421f0c4d5f6ab76c52dcff1734f71568985ad6198bdd3b86ee159b8ce4a1a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
e6cd7255587fc5715939a21817ba7ca4

SHA1
693270ba9f9b9d9a5a371a6a189a4e4415bddfeb

SHA256
54ec653af774519f6c9a4e6db140d0a2791a3b66afc294ed127d3959d584b3bd

SHA512
c28e4b24ada9fe82f69240ede5ecc4cf49ff520a81342adb93478bb4486673957487511a8549559e4a08279ae482f23e8ceac0f494f2f34a79d84816fa75cb39

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
14KB

MD5
fcc0fbcf77cea0f869ae4cab3bd448ab

SHA1
637ffdd130f5d78755432aa4a123c10a98096628

SHA256
295d3c67cf63a936ba6d89340992cd877a76904f67621d91aae8349ff2218dea

SHA512
ddb74c88c112d857604c6368be6fbaa5635a90bb24fcc081bcbdc63528c454716c81f434d637b96cab746e1f172dee34a4bda02d40e71621bca62b26d29006d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt

Filesize
455B

MD5
b68fc3054aec1b5ba80e728a9984fe20

SHA1
a9786354c05f42b949707bd6e12e65acf04a7afd

SHA256
e24ba4fb6f6f65e45ab6ccdca535ad9def673c8d9739eddfd0b015bbb56951eb

SHA512
975024c471b4af15f27eace16952bd8af1f0fe407ba0338faf24304026981f437027f2b43c101c71bf6e7e927c846c15ad25095a0978e201e542ca248c2f247a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-08-10_11_JYHA1IDH37kjW2ud4k03lA==.jsonlz4

Filesize
948B

MD5
7c618c5385632ed123b3929e89a9104a

SHA1
877eef304b5bca587c7f990c0b187b1fbe666e04

SHA256
0c052f029079668e4dc8f63800c6b2fd173fd97de4739e5a66d017df726f519c

SHA512
78e0c287f8367a1fb67e816d2ca7a675cf880d1a245ebc1f4633c52a54bd7fb8ba4564d7c07ceddd9f56c9efbaadb2da1ccc928f679645b3d91dcdac7c87d64e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json

Filesize
216B

MD5
bee775d8b103fcaad8e555705b15885c

SHA1
9f40a72826638af2e75be1ef9ccf7f66fb557638

SHA256
02dee97e62af8991b245ee9d4420935dc399d49425fb0d60c98698fcbca7d974

SHA512
b3256004c98190da3a81ed153094f3ca893d7e980149c3975f3900f91d2009d29763560d822f0467b9dabc5dc1b0fe1d80f16888de1064cd7eba9cf18491b9a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
33fe7a8d241bd940b8f0cc3cc36d79a7

SHA1
5ecc10cec9850f8b7cf964969245063d40c8ce31

SHA256
48a9fc2988f3b5bfc627c2b3103480f5c59c9a9b0c81ed0808ab24822c9bf190

SHA512
fc15b94ab9e39f5e9b84fdb5bdefa101582ba33f3bdad39123ccb740d452892bf8785e19374e424a8e9cb504a587fe1bd30bb6425f5a41ffa2cc277d99e62580

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\7a49b00c-a80e-49cc-8308-c40f78cf01bc

Filesize
746B

MD5
46f97140e11129c14f6c3adbf663136e

SHA1
635f4103bb6e2252d72a84f35eba0adabecd3d78

SHA256
b726c517be58d59886d8ef214a0d42f8c8902e83ba32be0ddc8069dfe8faffcf

SHA512
0c6b806cbd89efcbba73dfe254b5b8444b3957b1ec06865a4cefc64962e1e9b6ffbcc303078f41441e6541f4e1e14f155320e99ed4c1285258a34e2f67c5c7a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a006dc01-ed85-47a8-8fe8-b9f208253b2e

Filesize
10KB

MD5
cc289a94dbea32f9358b59da03fd1c9c

SHA1
661fca23f12d84f1894884e69e0079dbae645e32

SHA256
a31f503798dc9e0ba0abc16b704c1cc4ffc078126ab6ad3ef9119bc2d8b4bc2a

SHA512
83bbfbf625d65bcccb69c038dee7261b62ad2fe186e027ceadda3534adb7521bb1ce158b574d5f5a8cd19fbd7395abf33695e917b98b44a770df5b6585e7fab6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\extensions.json.tmp

Filesize
34KB

MD5
a90b92eb0ef5d08400ad21b143a4b510

SHA1
a9616b161537139d2bd477d327d96e9f1e092147

SHA256
95a77451a7715fbad2ab08264c0a18ecc1610db3f8eb6b2eba02fdf5fb380d75

SHA512
73a72ae3305a00646176f9ad40f1b1768bfe23714b7f3a4d436d650d482c8532b35248c25edd6b88cde80dcb88134380e01b405e3848001ae0fe5a89bbeb5cc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
9KB

MD5
22471411257f1d7f79904f2fe5f29c1b

SHA1
c78d7b6cdc0c5d990c2bc024d1becb24fced667b

SHA256
d96af63f6d1ec64c6c8366cb08de0f5e8b0c2628d383e785f9090cc3b8bae790

SHA512
29b34599b93ce7b7f533ab49f87b0e3fbecf40215f7de7e23f547c15f576a1884094015c23841eb20454ceed17dabd1bc5784a349ff4907db62f4e335eef139b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
10KB

MD5
f20db480ebec9441d4c268c01e40faf5

SHA1
7c6a54d5ad8b179a567f652c930fd3fa103d6c10

SHA256
80393690d5668501b9933470f362e6bc26e7a77e678daf4c527b0e95bbb8d175

SHA512
d0f6946acbc8f1fe80f9e38d1b87bbf510d1ce5af62066768da542b0ae18cb90c3520a0a8213447aaf22e952882c48a9cfea2fe86a06937011107002e60c1f80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
10KB

MD5
2deb602a79b9385bd1f9667039591650

SHA1
4f81b6813349bb8563fb0e47878646e9dcde4efc

SHA256
e992337f593a43a0a0ba064c380684bdd395e4bb116b70c746853a899959cfb3

SHA512
2d069cbec9267252e3cda0f6c45810b628808144b82bd3f2e667fc1568ea4322ce33b5d9e0c4bf176ff773fde16f4e8296b55cd5a731ee135e0c31d4d2fdbb44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
9163117568f3dee8f7f526bdbe889e50

SHA1
1ebb7bc346b7a11ea50b9f92ea9fba9325732c1c

SHA256
721a2a26d5250c0eb00e7dc46dd9137983311c64cfd3bcb4d355735a1172e779

SHA512
e231cb2da4ba6be866ef3ba4fe915f0648927f02bdbfcfc347fe6ef9adef88480df19f19203f68b22b3e963c6429b8deb965e3c744d502bf84122b74c4053816

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
7KB

MD5
d2d7ce89ef0724d2b20f8a84011d2a3e

SHA1
40857b9cb7790e7c20f1cf290d3769be2852e718

SHA256
34775127093616a6c7ce5e74ca130d9300f8eaa7d78af23f67663909ec32da45

SHA512
225a4076a45c541e4bb6a28431294bf688be9bbf60dcf29d42d79cfce9bb41b0f7b0ba742836041d79d238755bd84c02d15bd5bb8985b6c796c5fbcd27a84529

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
e787095e81b411e537657c42c460b466

SHA1
b99d0422ce6b2073a19f8ebccb5e43f9d76139aa

SHA256
1217bd0c4f195bd3de8c796801729b2c90436d9191fc80f17f42bb5ce392dcce

SHA512
5e3d736d21ec874caa02e029fde0a575fe3766466c110cd789539e333bcc70c2888a82b1f29a2254ccb7e231595a114a2690bf8f47f34802164a781e9c7a46c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
ba230eadb0b6b937d5e7d7fa7b4fc643

SHA1
765fb49bf563c69df54882e69a38e9d020927bb5

SHA256
aadccca881b6265213b3fb395c6c7fb260ec7cf0376d5b30c0393278e76dce31

SHA512
9b7728ec6805502ab63a3ef2a1b455ba730e7469ca32a02f094cb9ac2ad6839ddb5478c33284c5a7c1d245c3431cdabc6201719f6e1eac6156be3e5a28d4047f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
fc11f90ee6408fbd101e84b29abc53d0

SHA1
fa3697b45ff425cec4e2dcc0418d7bcf9d782213

SHA256
2ece521964bfe8d9fdaa5abe138c82d42fc44b36084fb61382e0a694ed00b3a2

SHA512
044d4c8f061bb43a704ce9e7429aacd2ba481320063db883a853c03a80a9c5fb736d7840f4420bf5f1d1278321c54c09f5d554d922c5019ce8a9d427c20ec00a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
f2a73fe73d21aac82cedb6b6f1eccc1f

SHA1
559f5dca204d1507fddc5b31765903255c267c27

SHA256
228d2d6d372c0b61bad3acc3aa1bfea89fa205baf67760e2d7be59805db10741

SHA512
01798c004c33dc207ab22d3bfb87f9e6a127d815c4700a66a3a34afba750bca748dc3ecea6222c9781055b24efce748df319920491e3e841d1b7ce1267b8592f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
3e7a7bafe84fca7fb5984149b4c53228

SHA1
3ce28c03e670cfcee52448ea3bc73d8e9f205817

SHA256
1914327f772966273dade5a37d9a6c2632a4f445734eb20049e31ed7bc2e2cb2

SHA512
1e6eabbd47626b2798c79e22bba4fa7452a03c8d208e30a57272b85cde0f38821720935111c8c6ff24b87cd30e2a0c3ca4a75138e67d86a68fc00e14faff9371

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
37a5a49c173aed7a7777a6bb83fb7a4f

SHA1
0493f1b1dd8f142f84024196e60f6f95617cdf3c

SHA256
2bb660ecefa87641edea68a3aa252504426f7e65c31c4984c9903f1ca4ac0ae9

SHA512
90d949e1451fb5fec4bf064e513982a9d3085f039bad5dc13a503788b0155f276f6d680cd219b053875dfef1c06360943bbb1f4f25d0ce221f5ef8bd0eb6f600

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
36aec1b03e8e1bf112f70e5420863ba2

SHA1
34e6932dba00c6d1efac7d22934d4dca28cb901e

SHA256
5b4acfbfe64822719946d9cd830096cc1c2cf1dbc63ed591d6e29ba477c6f1dc

SHA512
93ef89da6dbef47d5ac6cfe76d525756913aa13708d852405583e2c547ab1b3b52f7f856518bfc039925b5b804c4ec8f14266ab840124e18b6d219018121c8e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.7MB

MD5
23a202f04e3f48214aa08972cbdc86a2

SHA1
f0e74cc9d580079d2f3fff53323886ee944d38b9

SHA256
8730af5acb8508ba1495e1e4213ed2731a9faa1472b660c4e38755de02cc8d47

SHA512
34504205302c6a5d88b1359bf5c75f7cfc11e7bd3d627eafd3c7dfc61f2cb2950d18af42e74ecc9250e1b85fd57f16f4caa4ede43d395e6da0dc1e25ea42f1aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
1fdc13de64cfdb8ba3fcd71aad9d33d3

SHA1
b7649cfd66d751435fa56a4b4b20daace452c692

SHA256
fa890605b23aecfebe4300d159f10096cfaba982a942c8ce829617b3de36a783

SHA512
3c9dc261a1f0a96d4433d60de03423d58f0bd63dbf5db48962372658103f16991f6da06c1670deea1e51efd2a15aae699d1d287ee377e0a457299a7dd9f691a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json

Filesize
3KB

MD5
ddf7d2bacdb4a3d76d06014702c86022

SHA1
e0c75e997c8d11e10c945ecee6366df3455b2cbb

SHA256
5b5514569038c2983a896f61bdbbf717c065cecbcf7e991a638143772f439fcc

SHA512
dcd7f61537ed0d61f154eb1a6c4376a674fc548394b28f34f40b87f34598d4e02a59e03d294d2076aa370bfc68fabf63c944cf04b980d67bec916772ecd7feac

Download Submit