04f1d1697e599946fd2806ed6242eabccc950c37adc0f98ca98dec788e2003ae

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 16:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Popcorn-Time.exe
Size

2.0MB
MD5

a76561e8be841c6ef7d50865e5e2e8a2
SHA1

15578213d791e389e6a334d7550ac64e6607ebbc
SHA256

04f1d1697e599946fd2806ed6242eabccc950c37adc0f98ca98dec788e2003ae
SHA512

28dfa54cedc1ff89e1b9f53daa5a86501d19332098014b9d19cadeb17045bf0d32c6e32d10a8f8f9f60a625cdfc028e88261cd6a0197863b02f2f6ca3c58fea2
SSDEEP

24576:THHlrFzch8at7SOsBI80T3E2iq5A7CjKlFlA0xqJDTw52SrmqyDQA:TH5FzchZSPBT0zE2DAuelFLxCTXr

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1520	firefox.exe
Token: SeDebugPrivilege	1520	firefox.exe
Token: SeDebugPrivilege	1520	firefox.exe
Token: SeDebugPrivilege	1520	firefox.exe
Token: SeDebugPrivilege	1520	firefox.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1520	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 1520	2768	firefox.exe	102
PID 2768 wrote to memory of 1520	2768	firefox.exe	102
PID 2768 wrote to memory of 1520	2768	firefox.exe	102
PID 2768 wrote to memory of 1520	2768	firefox.exe	102
PID 2768 wrote to memory of 1520	2768	firefox.exe	102
PID 2768 wrote to memory of 1520	2768	firefox.exe	102
PID 2768 wrote to memory of 1520	2768	firefox.exe	102
PID 2768 wrote to memory of 1520	2768	firefox.exe	102
PID 2768 wrote to memory of 1520	2768	firefox.exe	102
PID 2768 wrote to memory of 1520	2768	firefox.exe	102
PID 2768 wrote to memory of 1520	2768	firefox.exe	102
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 3708	1520	firefox.exe	103
PID 1520 wrote to memory of 1332	1520	firefox.exe	104
PID 1520 wrote to memory of 1332	1520	firefox.exe	104
PID 1520 wrote to memory of 1332	1520	firefox.exe	104
PID 1520 wrote to memory of 1332	1520	firefox.exe	104
PID 1520 wrote to memory of 1332	1520	firefox.exe	104
PID 1520 wrote to memory of 1332	1520	firefox.exe	104
PID 1520 wrote to memory of 1332	1520	firefox.exe	104
PID 1520 wrote to memory of 1332	1520	firefox.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Popcorn-Time.exe
"C:\Users\Admin\AppData\Local\Temp\Popcorn-Time.exe"
1⤵
PID:4152

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c0eb912-9100-434e-9982-1f42af4b8389} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" gpu
    3⤵
    PID:3708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdcb821c-135c-4b54-8272-a649e6dda4cf} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" socket
    3⤵
    PID:1332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2948 -childID 1 -isForBrowser -prefsHandle 2788 -prefMapHandle 3180 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5be128d9-1923-4c38-9f0a-b5bfd3bf7fd4} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:5036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4224 -childID 2 -isForBrowser -prefsHandle 4208 -prefMapHandle 4212 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5618b80-abf2-426f-8bb7-bfa45ac623bb} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4964 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4896 -prefMapHandle 4900 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f66d149d-8f04-413e-be22-ac2fdfcc076c} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" utility
    3⤵
    - Checks processor information in registry
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5284 -childID 3 -isForBrowser -prefsHandle 5304 -prefMapHandle 5300 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27a0db08-d9d9-436e-8118-9fea11b92c3a} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:6048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 4 -isForBrowser -prefsHandle 5516 -prefMapHandle 5512 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a6d6950-7125-451c-83fb-6f49a95a50e6} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:6060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5704 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b75732f8-b76a-4433-ae5f-4632dbcb9d3d} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:6072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6036 -childID 6 -isForBrowser -prefsHandle 6052 -prefMapHandle 6048 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b23ebd4e-68b7-4917-8275-f29be917489c} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:5528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4232 -childID 7 -isForBrowser -prefsHandle 4488 -prefMapHandle 4484 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba8a186d-af48-489e-b926-a9e1665050f1} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\activity-stream.discovery_stream.json

Filesize
42KB

MD5
a49d4cbfd058d081f0702ffd6dfcb840

SHA1
540765c369961e9da99286137e99ffce3f97dd43

SHA256
437ef658fedb75a6e239aa7694c7000725e7cf9744f3d679852bbf8815ef6b5a

SHA512
98929b617ba64b9eea7cb852d9fe08169c6f941ab9f641aaedc33aedb33c6d6d3cc04d552400244e9e8a795f134e8c68d859ee07728b8c45504c44f82d944771

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\8009AA7615959742DB0E2C888BACB228D61FBA60

Filesize
60KB

MD5
e52d527379c29c3fece359221c2bb840

SHA1
7332fe64ee5a53b680ad9b113d478b054c6711d9

SHA256
f209f5cbefaae26e3cc234d7726477ffb18077f91ac4242f46f9ad6819a7f12b

SHA512
0480273b21594d5f52c91420e5f59b6938fb0ca8d02c170deebabeeaea550dec21019ca9f63eb4c15aade3444a2d02f4f6afe393d593732dce6b4182ec50ec58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\8999BC8CB7B8114B87D8185D8CE1BBF1E6377016

Filesize
219KB

MD5
6483f9a0bc12f1142a10151f3f9312a6

SHA1
fe7cb063d23945d6b4bbb26de4b24eb108a602c4

SHA256
1f20d386f7ea2e9e7088ad187bb06b8d9c226d2c5462a7ffe13f733c908ac086

SHA512
91be9fd44429760f338d8584b6debed689159b26874bccd208f314619131203094c5e3160bc2fe6e1e3c702689d64625812d56554e0832ed1bb20a09bd072782

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

Filesize
8KB

MD5
8e736541dd578c74d5f62907ac2bf585

SHA1
2c3ed7f62c0d72af6e50baada87fafc29e8e4c3d

SHA256
fffea2d0784f2e4887b6dc88bd7058f7d3d9d9c8db8a1c367eb8873f5b3c46b3

SHA512
7564d8a6512c88424cb8cef105d14cf7ceae73a7ae4de73bcdb2b8925870e3c68c4cbde1f78bc42c2cfd1add77e9e3bd39ed921eea1e7072c1d11a4381889bb6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

Filesize
12KB

MD5
45ce03cc5595125d7793c324c705686b

SHA1
f6b6f784c614612bb526e1e471c3716b0ef08bd9

SHA256
6cc070776b2f5b4b179b2dc97cdca83ddb04c4586808b32607430828dbf11b49

SHA512
0e0a86163e932aab5edc05e83a4918a88cf3887b1e1cc6ac516e48a309da996d779690689115bd16beeac411c3d546fbd26f189fdee2be3ccbabfc3d60e867e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b068c96715092a9edfbfa833758601c8

SHA1
14bb8ceebc5a8c6e143ff1bcc20cf45e2f3a1905

SHA256
11ec1f534ea7b5e307ed29c74f30c45c8071cbe9c771909a7aed9130a9b3882b

SHA512
733a2654ccfdd3081cabd3cd1945d771c9a1772c86cfc001ee38ed25d357170892aefafb0b0c2c0a9e2a4cec5d8355fdf6b73e59cd70c6423f4766a018680214

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\12740cfb-0f22-4bf9-85ff-e548ae8f3767

Filesize
27KB

MD5
c3e696c3c162ae2fcac2e2309aeee05c

SHA1
bfbbdef6b534a2137051c1fcdaa074fb08af841e

SHA256
48e487f11e98532bbfc17218f7d77b6a40d0c65b02dd0d63fcb3baa539bf1539

SHA512
8bd73e9268432ba08faba1f9857437da98f0039dcc439ac2be52deae38061ea3dab8b6ce0df3d334fcc9adce6147af5e4ddb22e133bee1b12e5972d686793e28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\7a311795-251b-4c4c-8c4a-25c1d42b59bb

Filesize
671B

MD5
53633fee09db0925517ce2c192f53dbe

SHA1
989012c7c8fb1a5793fafb6f34f6d76615ecabac

SHA256
6dc0524bd07ed7c7c06a6a7e2b9521fbba8d9489b7ff4d9a7d724b7ca98d043b

SHA512
82f50755b82edd38c04048b6c8b6614ee4f029d2f2779c02db037b00750072a7628cba3e30fe405629f409bcf78108d5f0158b37479ee8b814f6d8f5e7cfc05c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\f9ec72da-0120-4972-8c0a-ed7729c4e8f1

Filesize
982B

MD5
90cd9ab9505477232e5f3648a2cec502

SHA1
f3026aa8f09df6eb11e6a119a309c792611fe260

SHA256
963122d3732c4e152505f330c61718b430170762fa3726e07b777e0e37429cc2

SHA512
1bba09b5e8a50a68caaac65717d1b69329155561b1a09881d52b3487ad37212125fe9eefa8ff4022ceb1cd5e82b459717e35f2f22492fb3032f16771835e7198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
11KB

MD5
940a2833fd8e16c6fd283f097ecf6d4f

SHA1
7216e5aebff51188096952f7dc1f9406a0d1697d

SHA256
1928e9f3d0457be62144ac9e449d397f6d80e6b3ba4856b90c37b3a5fabe16cb

SHA512
fce4d2f090e4aa8962625f6404c3331407494a24966477c36705882f8b8c5fc4e0268950b63671e571c0648772b2dcee361b9db9c32365ce3362cd305887b59d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
11KB

MD5
b87710f336ab411193b488ca855e0d4f

SHA1
c1fe410b18a3e357bac5cfafcb4646e9e906b78d

SHA256
92c16c424a9bb7384f4e0f0f2a595b5f1286498e4cea8328ef59fadf70832fd5

SHA512
fa817a8b4b7e5e64b1d1fa536b2e2827b70b84abae2f0c9f4a6723a00ec122e22ba0c477771ca6174b37ad40454d0f58a365955ec4d83b3a5b8a14b6dd69cdb6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
f5e9999eb2bf70937dcca2572a36b1da

SHA1
4467edcbd11caa4c875486872c385c9f4a5985ec

SHA256
f82da345970d2daf64c25b81bb0ce02ad6d4bf30950dda1ce2ddef513d72c29a

SHA512
b8d3cb6437bea1bb1c0dc18afa26421f8aa9cbbbd455a746356e8cf8be99216b413fce9a35b112d50fc3cad4e83c0a044788d49dea903fede64c312ba7f0113b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
9be4fc821ed9290136e1d1928ae938a2

SHA1
b917a4b7c99a011f07d84d0058d9f89204a228f7

SHA256
deae529ae0c3cd680bd9283ced3aa65e004ff343204e6b0eda33e23efbbafbc1

SHA512
3200a619c0af7fdce8507f643a0f4e1e6a64d230574cfe0566fbcc86ea185708e3bdf50eb044d4f0dc0a105353ed10bf122d55a4aeaa65b0f399f49515a79c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
af68b311b66ed54ebde2f979a426a40c

SHA1
d55dd6062f5e83775cd04051f790d7f5dd1c8359

SHA256
6730e9031d6590862fade89bb432387bb2faa21259e236842cad94dfdf2b203c

SHA512
f1b77f2c7cf606ba1311c4a35a6fcef95e11809dc97839cac939db856bb868a5fa666102685522051fc1b55ea7ccb8e4f3e2599063efb84f3a5706f078f4b32e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
2198b8c9c97c2d353a901011fb0f45ba

SHA1
fd5e5805f4e0d2a900a6a941e83103ded3e47078

SHA256
5ed0e542dcf24f8c127f1cc99df89fbe1a26b73c54f13313818de0174dda76df

SHA512
aec865634b320144f68b255dbd1335d04ca8de3bd5c0340196320b21216e1bb628e725bb7c2baf9c214c88ff6ed1440d73823b4748a6f07697b08c8526a6717b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
247e4f9dce358b21aea3cd1c88240cb2

SHA1
83abf42d97b434f13bd163b189b19d99f747a3fc

SHA256
c824e6075888b0f8a1c22b75cf29f1b9f204e95caf898304f4a66d0e6483f326

SHA512
74ab9313da39c4f471532b953910b1785763a7f614784965e7b654aa0089978a32885dcd74b4f7aab0c4309522629a16c93c1ea31f297e4c9fd63ec2cb86d813

Download Submit