38813921e1221c255897205852d7203ec486a7f7201d3a96258a1a9e2bd78ba7

Analysis

max time kernel
433s
max time network
945s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20-08-2024 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxPlayerBeta.exe
Size

89.1MB
MD5

c8b688fb36d4232ac65f888edc2a4f20
SHA1

48717e1920b7240a5bffe692cfc97ddf268830c9
SHA256

38813921e1221c255897205852d7203ec486a7f7201d3a96258a1a9e2bd78ba7
SHA512

71fb70982ff7acc688c0a5b48fb56c94f7fbe807902ef26182643ca9360055d5d3cedb2187be5de42fd3921eddf26662b034a4962fbc7a9fb45fd5c77d918e0b
SSDEEP

1572864:S/3v4HQtvSEl7oEbNrWFbtjmVY6bC1JZyfjXpI7jxCUw6+LVF:SfvrxLxSFbtqY6bC1yfCjx01F

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	5480	firefox.exe
Token: SeDebugPrivilege	5480	firefox.exe
Token: SeDebugPrivilege	5480	firefox.exe
Token: SeDebugPrivilege	5480	firefox.exe
Token: SeDebugPrivilege	5480	firefox.exe
Token: SeDebugPrivilege	5480	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe
5480	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2160	MiniSearchHost.exe
5480	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 5480	1456	firefox.exe	95
PID 1456 wrote to memory of 5480	1456	firefox.exe	95
PID 1456 wrote to memory of 5480	1456	firefox.exe	95
PID 1456 wrote to memory of 5480	1456	firefox.exe	95
PID 1456 wrote to memory of 5480	1456	firefox.exe	95
PID 1456 wrote to memory of 5480	1456	firefox.exe	95
PID 1456 wrote to memory of 5480	1456	firefox.exe	95
PID 1456 wrote to memory of 5480	1456	firefox.exe	95
PID 1456 wrote to memory of 5480	1456	firefox.exe	95
PID 1456 wrote to memory of 5480	1456	firefox.exe	95
PID 1456 wrote to memory of 5480	1456	firefox.exe	95
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3700	5480	firefox.exe	96
PID 5480 wrote to memory of 3320	5480	firefox.exe	97
PID 5480 wrote to memory of 3320	5480	firefox.exe	97
PID 5480 wrote to memory of 3320	5480	firefox.exe	97
PID 5480 wrote to memory of 3320	5480	firefox.exe	97
PID 5480 wrote to memory of 3320	5480	firefox.exe	97
PID 5480 wrote to memory of 3320	5480	firefox.exe	97
PID 5480 wrote to memory of 3320	5480	firefox.exe	97
PID 5480 wrote to memory of 3320	5480	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerBeta.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerBeta.exe"
1⤵
PID:5740

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38ad06d2-dabc-4bdf-a04b-530a10637484} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" gpu
    3⤵
    PID:3700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b24c3cf7-32f5-42f2-a659-0dfda036586e} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" socket
    3⤵
    PID:3320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3132 -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07bb5f35-c1e3-48b3-93af-4c4717e63496} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" tab
    3⤵
    PID:5076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3896 -childID 2 -isForBrowser -prefsHandle 3884 -prefMapHandle 3856 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f4f9414-ba44-4b3d-aeff-c22011dc9e6d} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" tab
    3⤵
    PID:4344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4576 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4588 -prefMapHandle 4584 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cacb6d5-2a2c-4f5a-915f-5e1e112e72f4} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" utility
    3⤵
    - Checks processor information in registry
    PID:2528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5368 -childID 3 -isForBrowser -prefsHandle 5376 -prefMapHandle 5372 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0120698-14c4-4e10-9b6c-4dcb10f2c03a} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" tab
    3⤵
    PID:4336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c42d0ea9-4021-40ba-891f-7bf57a55678a} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" tab
    3⤵
    PID:72
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5784 -childID 5 -isForBrowser -prefsHandle 5704 -prefMapHandle 5708 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {312c2c6c-d7f6-4050-a732-029c09972302} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" tab
    3⤵
    PID:1180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6124 -childID 6 -isForBrowser -prefsHandle 6116 -prefMapHandle 6112 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37930679-aafe-4966-8d0f-b36b0cb0fb82} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" tab
    3⤵
    PID:3116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6464 -childID 7 -isForBrowser -prefsHandle 6468 -prefMapHandle 6368 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ad00ce5-fab1-4ae9-b6c8-6e8f42bcbb5c} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" tab
    3⤵
    PID:2164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6468 -childID 8 -isForBrowser -prefsHandle 6304 -prefMapHandle 6568 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c64859aa-1913-4974-ba55-456fb90d8447} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" tab
    3⤵
    PID:4972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\activity-stream.discovery_stream.json

Filesize
30KB

MD5
97a94cc021278a4d25b870bdc71f2f09

SHA1
57fc0c713e888289ba26edc0055c19a5230a8743

SHA256
5f42989f1976aacbf5acb9eb4106b1fbb7f4561cf71b5646a19ac872f7992a0b

SHA512
d10fb719d72f57d31ef381cb9175b811cf5a48c21944009231fd42691826209d3f812b63ba3dfff4db4a0c8a26f5fe5aca0d46745e218a9a217a5de59fc2922a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
629da28e1999da2b47c30d34421b7f93

SHA1
0ca9aab854aeccad487576e7a66a78c868bc5a51

SHA256
a41d47833134152bdd5b7dc092634c484dd4ecbd99fcae113752a885dca89c5b

SHA512
046b043c06563b3c439caf3ce380a3584672faa42679aaabaec69ba49ab49395118d9a572062dfba0ca97031d0bc0eedb17f1a752013d03b05e9c38847f4256e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\9357B92D7A82DC731CBB46EBC4F197AB314C7C11

Filesize
218KB

MD5
52b4251bbc8800fac2f151e9ebd9ac30

SHA1
73f1f5e980e836c3b554272ec79ef9499451cb0f

SHA256
e4b52249301d4b8456a461c30599a434b859cb522bf1572522c396c91cb062e4

SHA512
faf3f8520ea11585faa1ae6e982b780d7f445a5857cf18d7325fc499a1059f9bcae582b6d86745b9a5aeed536c305f84d6cfeaa84ff47a088fc62c6f75d369c8

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
27152171537c47796aa7194ac41383bc

SHA1
430c380ea885fce765a771cc40cbfe6358b4d04c

SHA256
28276ad4adb3f540918a28a722f10a63406037b96a14e05565e31ec90c605c22

SHA512
044ded8d45d2249f69ae617768398a33cf060618f1cb583aa9d9a34171de10bf3e23f6e49b3c0b8ca872f5ecbe98e841168fb3e94fdef2efbb299a3cbc01f616

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\13CY1JADIC31Z1BF7BD2.temp

Filesize
13KB

MD5
9e8eca0e608a79fae97cf6888afbf8e9

SHA1
baf26b0f59e6e9819a6a3be12d45399ad7bae479

SHA256
403858770e5a7da35396689703089fb816516635908441a320e2f89b000c8062

SHA512
7a0563110e6067b6c5811fb665129a29ffc85094107418f4831d7d860fa03f1aeb6c9165cd3e9cc850f3aaf16fe44b51cb0b47c354858ad08179b46bf2a1e5f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin

Filesize
8KB

MD5
8c7a62c0eb5b71d89c436137be36e22e

SHA1
b0c73bdb25f4a9f4e37e84258f4d97d431d49bdb

SHA256
3420dca282f8ca2d296f2f62a73f1af244ed4ebb3516a5aabd7c0cd6d050b851

SHA512
362d47d7e23aa63d4c384cd2a19e88192ab6ee028a97a60868713a4329351d3a2c8e13347b682605db1cf327fa9b5da9f685236389996c42d14dff140784667e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin

Filesize
12KB

MD5
63ddbf8743a23caeebeb635dc2eb0cfb

SHA1
c2a70c4378a177ee0cf37df002028399cecb768b

SHA256
ac4c565b85b9fc49ee184cd38c1ffa819e0b4b4f10c3ae3bf795796a5a1caec5

SHA512
5e66dd513b33e29feeded2c1ff7f0fbb54a087aa3c6f6e523eea3a90d95e55d9334d9010a251ac6e8867534ec1df7221e466d33883c0a78149f38a629ec77abc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\bookmarkbackups\bookmarks-2024-08-20_11_ACaLimBSxuEJeCX58bU-KA==.jsonlz4

Filesize
1006B

MD5
7c973b0250419434f56f17be835a0ad2

SHA1
843ab29a201110e9ae5ee538a649e4dd4133caf9

SHA256
1d060a4f63e43f8d46b7bf35fda6a3602bbb038c4ff1afdc074d662d74780431

SHA512
9939f90d091b3ffde98e4a4de7b6676d077456d2f54be990687d4d5c0751ab39967942db883f641d0c6e93fe98966efeadf518fe0f234f6a5293b7f0ae6acb9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
39KB

MD5
c060204aef24b6bbfe1ac410abff23c0

SHA1
b30e304d1473ad952e49a24579e39d69944cc6bb

SHA256
62ee216043b3f42862ce950ade26dcd8a571d9bcb5835d95438088c34be38d4e

SHA512
877b457937db9ff8b8306efce6de4dcf3f57d05c8f6f05503655d01ed014ccc62fe7c01aacccdc29b6e91546c9caa5db6d3f64d25c5856ca259ec17b9e0fa3c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
2617a97d52d04050086c37472ede4922

SHA1
55c0e0fadd27cc03637d165fa617c45b6bad6532

SHA256
bbfdd7ab87aade0a1a38260c35dac888e8a07e5defa071f683288751b1296009

SHA512
72af09b5df508aa648ea1f046ec60a41ee517bed77d62862e07eeb1f6d436a16810a035bfa3616885166ba8f79796b617ee3928b9180db17dcd338e2cc94ef63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\2658226e-28d4-45c1-9bc1-7ecc71d8cfb2

Filesize
659B

MD5
0a2923eb416f4b3b3ac1e840c69b22d2

SHA1
f07c452e3d658199248675e8230af095dda2bf24

SHA256
4d2fcbd74f0d47f36f27f23b8e632a1c9fb48551a401e232cf49562c823eafe9

SHA512
dccd40fa5b7c72e972eeddf160fdaa12fc570908b9792db831a02b80ab9242ef8987dc13c9aebcad0767a490307bc011568186bebd4cf04780cf9b5df16f9aaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\c624c213-8d44-4c64-8d8a-ac58363f1d4f

Filesize
982B

MD5
5c55fb0ec2c8e78ec5f90abd36bd7515

SHA1
cd3a9d27a43e7679a5cbad8d509791dad20df179

SHA256
8c2a81ebbe18d23fe9bec79859e84b0b209e78577a50f19afaf89b8cfb77891e

SHA512
bee17601da52c66d38ddbd9b035a82242b871a7c4d5508403c9fe4ba96c648a7bde5df402d5b53b48421fc7c5dc7cb464096a291a527023056dbc261830ca7df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js

Filesize
11KB

MD5
180745d3e4f6a69eeb221a395cbfc300

SHA1
f1748e6bf3cbfb1063ac3181ead0aeb818de4677

SHA256
5aee9003f9faefb720ab1465b1cfc82f7db1d100d6575b1e363f3df9ddbb3748

SHA512
7b62c25e567952723968852d6f415eb057749ab06f7223f9a26ec83241143b4ec9a9acde115039370c6bf692dddf742547a8c5e04bd47cd1bf7b9fa4d6251b0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js

Filesize
13KB

MD5
1ba198ee93e152a49ba1c6100c66ef07

SHA1
cb9f35b1c2c2e34b4d2347196bf161a6c3079fe5

SHA256
a71bd7f64ae83217d196d5d54e85b07f252781507272ded1c63764cc553b2c8e

SHA512
1f44b217e811b6716615eb3bfd2922c8da61a31cecae0b4859f9b5efc0261ee9c3889dc984411df1868499b20a12d7ec4a798ea3a8acfd21fb7662bd5e4ec16c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js

Filesize
11KB

MD5
09c691cead49b88ce446423037adcf9f

SHA1
873c3029f4dce9025cf3007a51fce8dfa6d2cc5c

SHA256
de3e4339baf4b155a2349de195be37326ecd02cfc74c29b80574326e82b3560c

SHA512
97086b3dd50a67630b579c1f01fbb1b40822b20daf5280cfe488d5798d7bd81fdc4a7e773fd40cc7d481802e0f3d4a7b15278129d9c5b48943aa6110aa6202d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs.js

Filesize
11KB

MD5
79eb26b636c77093537799a75b28ebb5

SHA1
3297615f9a40f7e4da18e8077ec99c9ebfeba852

SHA256
9626651db1fe927864415be0ca3ce9286fd93083486786603926bcbe282571be

SHA512
d0cc4cea0a24139d5fbeec458f1117ab29cc83e406f8d25ce488032dbfb0f4affc123c827ce350ced2cdecf1dc81967ebbe7756df985f89b4714534a31b6eaa5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
3ae2d8546f61e0ebb706a9f5b5f96125

SHA1
2bae66ed6963c62edd2bd07c39fbff35143c0fb7

SHA256
8880e0af4bf27b9def38799f29c03b7f4a52a0aa7df39d241d3a90e50f289d1f

SHA512
d78022b4bcd64051c555efe6450323c67d545171c4e513dd7ec4d2713daaf923e185ec2e330739d27bc0c3201316f6ff2e5f007d804a1222aadb07eafa1d1cb7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
06cd9b923ea4e01fdc819ff3ac35a380

SHA1
c44bc26b483dae2f3df2c1d58798b3e935dd957d

SHA256
20e3326cd2a6c1eb9776953cab55cb681b611b9ffbc06b39a89d2a362dbd96fc

SHA512
a0559f861bc00281ca40dfc8615c0f230868997a9a04e8b9927c26e4c52081fe00ac4ff64b6ff5d1f62164d47434a01c196ebc251da67f1fbe48991002fb6307

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
5f65a4842e2a34c9676a0e0b68e929f6

SHA1
8403e7dff8af0ac08bfb0c8722a809e4eae91aab

SHA256
8a95cf90f31f0442499440c4bef17d20bbcca910b4f77ca4785753380387bfce

SHA512
384637a3a330cb3619a807810d13585b035df9ec0b5ec5366eb212887c2c682ca0304adfb67c0793c2491069c7f5b6ef4249809198cb9b27325cc05d0c2f7885

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
02f690a372de0a83b674d885dd442698

SHA1
3a2d2137c7c654074b6b66e9f6b722c193c91798

SHA256
3c2150c427f8194dc12a00fead93e68cbdb5d201f96fd726a7800eff49e1ec84

SHA512
b738bb43c09eb6b57f51aa97825af89fc2e544446eceecba32851582a1c441b1f066f88ec5f90622a59557a243258953d5b3238635da1de11f14ef32d03dcbf4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
30f7c8f24d860b3b3d625cc92848c31a

SHA1
23e4e9de0b3388d2350ba48cea30064b7cae558d

SHA256
c1a2ce0362fab6b44a82630d5afc623fa72a7e0689ee51d0b17aed2e3189a878

SHA512
1a944f96f720235050e8b5abf18edf4893066bca61258e2923f2de33e22d55e3196ae2369411cfcb5cd086414f933388b82d9fc6966e01d0263183ae41fb2e98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
fd0a58e43efb3fca5dbfe367ed8f0945

SHA1
3687d4cea89f0c580ad2c9070baeb7aeac413894

SHA256
a5a3f0c2a5ee5b55bde1fe2bfffd561dfca6a50581d02bb0351a5ef9bb554dfb

SHA512
511f6793a2921a8ce4029ab219823f5c5344e41a972452e9717a38b99c14d87e08821c2f01c0eb5e854b1b523c98bdff203990adb5ad6433efb5522bddff85ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
8bf588555762343ebfd4174cac1d130c

SHA1
08a6da6de27051b04c45ebaf9ecc0117ae21b8e4

SHA256
e45725372e408f837b6733b202d21b97c718fa12a744bf2bd321465dcf024cbf

SHA512
c6cedb4541270ff59afb299946620122c0ac8e150d3006bdbc69eb82cbdd8e41eccc9447326fff6668fefc5641e1f6fdfdc435f3f64956f5b781ef40d3802c16

Download Submit