c865d000221956097f17f84846e35fd133230cc218e54bf7d17fcb7f46032821

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

901KB
MD5

bf308cf275e959eeb67e0c8e6058ea32
SHA1

444d5dc971e53ce37b6722a86bd92d10a0e676c7
SHA256

c865d000221956097f17f84846e35fd133230cc218e54bf7d17fcb7f46032821
SHA512

ebd6e78479359ea36e58b98ea0d2d4cb9a995bbb004e2c0de81d76d167294dfb08a56c5efe7100ba78d8f58b45e3c0d65890f119c39d554292819328563fe3f0
SSDEEP

12288:RqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgawT3:RqDEvCTbMWu7rQYlBQcBiT6rprG8aI3

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3704	file.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3704	file.exe
3704	file.exe
3704	file.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3704	file.exe
3704	file.exe
3704	file.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe
3704	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4828	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 4848	3704	file.exe	82
PID 3704 wrote to memory of 4848	3704	file.exe	82
PID 4848 wrote to memory of 4828	4848	firefox.exe	83
PID 4848 wrote to memory of 4828	4848	firefox.exe	83
PID 4848 wrote to memory of 4828	4848	firefox.exe	83
PID 4848 wrote to memory of 4828	4848	firefox.exe	83
PID 4848 wrote to memory of 4828	4848	firefox.exe	83
PID 4848 wrote to memory of 4828	4848	firefox.exe	83
PID 4848 wrote to memory of 4828	4848	firefox.exe	83
PID 4848 wrote to memory of 4828	4848	firefox.exe	83
PID 4848 wrote to memory of 4828	4848	firefox.exe	83
PID 4848 wrote to memory of 4828	4848	firefox.exe	83
PID 4848 wrote to memory of 4828	4848	firefox.exe	83
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 2636	4828	firefox.exe	84
PID 4828 wrote to memory of 3588	4828	firefox.exe	85
PID 4828 wrote to memory of 3588	4828	firefox.exe	85
PID 4828 wrote to memory of 3588	4828	firefox.exe	85
PID 4828 wrote to memory of 3588	4828	firefox.exe	85
PID 4828 wrote to memory of 3588	4828	firefox.exe	85
PID 4828 wrote to memory of 3588	4828	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4828
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97393a0c-4329-4d07-b853-34a858222fce} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" gpu
      4⤵
      PID:2636
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2464 -prefMapHandle 2460 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {806bcf21-9067-491c-9bfc-a85125c3a333} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" socket
      4⤵
      PID:3588
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2872 -childID 1 -isForBrowser -prefsHandle 3264 -prefMapHandle 3272 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3566094a-5cd9-4d36-b56b-940c525f6c14} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
      4⤵
      PID:4948
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3648 -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 2820 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49501437-d8e5-49dd-ac4b-670e365ee4a6} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
      4⤵
      PID:4824
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4796 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4776 -prefMapHandle 4788 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20c715c7-a9f2-4d3e-9aa3-077247f85587} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" utility
      4⤵
      Checks processor information in registry
      PID:3564
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 3 -isForBrowser -prefsHandle 5496 -prefMapHandle 5396 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fa0564f-b341-4771-9e27-f6365d3263e0} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
      4⤵
      PID:1408
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 4 -isForBrowser -prefsHandle 5664 -prefMapHandle 5668 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33931c59-ff48-4891-b805-1acfb08f8478} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
      4⤵
      PID:4292
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5844 -childID 5 -isForBrowser -prefsHandle 5848 -prefMapHandle 5852 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ff7bf13-c3d2-4ff6-ba9a-ddd48c4e9a07} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
      4⤵
      PID:3148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\activity-stream.discovery_stream.json

Filesize
30KB

MD5
e3519b14cf05c66aeea61944d5f1625e

SHA1
5f32f2b61bbbd6a7bda73344644130fdc069c4f2

SHA256
e92246e496797c31744749c468af70ed61d42490d61c896f7b1fc02ba294c21d

SHA512
f48d9fe481a23fa2dc163a33b739e1dfd400ded06aeb93197eb601b2540a85106deebce0a27e44a88b3f319bb99f7c0052dbba5fa6d8b7cb78c88961137acd91

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
9b618fe4fd1e1225e91bf51d458f6910

SHA1
865e3cf950a24e9cf63eb3cb041cd27b8ea33515

SHA256
a3c231c44e48f5ea1397c36c6c040f36ec0b2bf7f4fba06ea6394c6de694c25c

SHA512
72fd1ea39be78fc74500d4a5b5f00f7f11755357b20e3ac5ccff15a9905e396a3ff6d5e97e8360a538db67c2abc514a83b0f9a09e09a31a04c3434c5997ca72f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin

Filesize
6KB

MD5
0011e68092d787d06b7be245d75a68ca

SHA1
a01bb49fe406bf057387ea59d78b8cc513816581

SHA256
86cd945fe8e0ee02b4cf17b087a936e62f2e23404aaa625170c290b6aca1b43d

SHA512
6e031ceaf459a2363136f08d17b169113df069beb4211b22826bec638accaf739f487d20f3bbd1461a5ba8224d9dcca258f04ea1e4537205f29006712ba22eab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin

Filesize
11KB

MD5
71c578df5d2e4cac126f48b36aea6cf4

SHA1
a2be763510172b457339214f3403de0141f5e2f0

SHA256
eefa454aa4325eb7ee4780cd48d534b83a3bb0880aedaf1d592ce7608d0db898

SHA512
b51ba1d41e2b0b5367c2a46c46140e6a135f3bfe6477339390c0f51b87e0a41ae397efecdcf59b9199be0228b3a9ab2bc7828047daa3895ecdbc455dd12145f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin

Filesize
12KB

MD5
ebe476b223676207da57ec2ffb0c7727

SHA1
4eead3fc630465a17d644ee615365153de9a7036

SHA256
0e1b36dc2dbd57fa27920ef4b0154d010b594e670fdbd179098e2f0d229e2b92

SHA512
46a4b9772bc1f7bdd7b23a892318a0f63421c74f84f8c0e75acd92b3c415d6f274aaa8e12539d06b965444ecd5bebab3633d9e0241e6c151056c3e84404570df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin

Filesize
16KB

MD5
78bbb4f51241047f73449e4dfdd186e2

SHA1
6cb34955d05036a687dd0a624bf3065bafcb2fe8

SHA256
87c4c11f3ce5b6e47e99da022ec34df828682d971df0b106c0fa7b67c81fd7be

SHA512
e6d71fcce3d35abc697d6d5cc0852ae06501b208e030b4384a22989292b75e3bcfce4ce45b69c24ce22865915d0ef594a4535d4e0a8a91fe971428c090edead3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
794b85884a5f84fb1d4a7b3172b9f86a

SHA1
15c2a0a5449ea611f8aca80a1883c324a2541cc0

SHA256
a3457c9277030f5aaf69f3e9a02e0c04f9536167d3ec0c5fee10a710d6433808

SHA512
ab7f26576601481e90ae30e05d19bef0a3a86e9480ff225d00a40d1f952af0fae3dfef636b7cb129b89e03fa26b63f137f9d759d93ea05056eca218c41c65873

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
f46e5e2d00b5a8d390cad2e1eefae6d2

SHA1
750528884d0f592cf00ac9bf3be3a652a01de936

SHA256
3e720434f83d25561d0bcb28acf90248166541131a94df2fe3a98e7d55a007bb

SHA512
5a286a55a23f89f074a45375ec82e964ecf7fa595052cc852bf565a321ad3c9241132b3600540a6eaef290e7847085febbad74220462c05c44e73144f4913fa2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
9e1cc6f71e45f34161cb794b74886882

SHA1
1e43d200d4828601b5d2dd921c6db83b6575c9cc

SHA256
2ffa700fb3343d8c909b862607bced4f1b28dc47670c94c1c8a5599c11c7de3d

SHA512
71d938bfa5484a64d3fda070d6644bbb3c5a68d9dbf65190ccd96a2fd0c53a27c431f3d5c52efde4c5ad05748a657960a5f33e812ce0f251915dc07d9567151e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
dfbb5b60e9e72a0923023031ab43ee94

SHA1
2fd74c721352f63c6abbcc8dd1b28d3b42ff034d

SHA256
b5e8f632753e413ff5ba6464c341fc7650a2eb72a594a66a5f0bebd84e03f529

SHA512
637d57d3e0ed35ca226d641caf49df0eb9593fec9fb08325af45619487493207948d6065a45b70ce39f33775bb2f858cb336d57d7a83a38cf09aa0393f579257

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\2570c94a-779a-4722-9227-73c1da2fee6e

Filesize
982B

MD5
e61ee9f4546370499b2655a8dc73e115

SHA1
f1f08c360d294048cc50fcbc7ae262ef89e57ddf

SHA256
1dc081fe5936a69aa3a2633e8226d57053ff46e71001c445a1fcb12c4cf2223d

SHA512
6298437e5db73f6e9eb4a0904a2a3d63d9c032729bdd655a26f31b12d1ba64fa4e85666a1742f74936faf9fe94b99c0a0eeb627ca2c07e8386c19326c71a7142

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\376403cb-0240-43e4-9fbc-dcba15a40c3f

Filesize
659B

MD5
1d7474e6a0b136bbeb0d685da75cb1a3

SHA1
9350d458c1f794380b55eef30ee0f017676b4bf6

SHA256
96eb57fa06b4fef89a1cb907261a4b801fd8801a7493ca601833145263cd8a97

SHA512
ed6afcafe1c4a59a9a0091b648c6dede43874a11d583415e5b5e7fb9a8bcf945e00d8c0395ce577cfb0b9b151d340f90fdcbc0f84fa37e2450f4f8aa0961dee0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs-1.js

Filesize
12KB

MD5
49e2baaf8751fdf482a612b8d4f77c4c

SHA1
5ed1f54215268aca6dfa12619f416676c5dd6221

SHA256
369b92ed13b803914b372db9366e90bfb754c5f00d6a78ae42440bcb8b6a3d3b

SHA512
029612298bb43a26c0e2e05ec31b8caec5923d2d5f7074685e7b2994aef46eb52b955758a8ba3892d8294b5aeca5a82c45cc5f1ce6080bd1f8b1dff563234e22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs-1.js

Filesize
15KB

MD5
516896201389adefea0211922b795a80

SHA1
8f377d13ebd5a8205a44b71b89ac3f95b5a35e0d

SHA256
0d055ca3ea099c1095fc4ff379268342ae636a8de0ef77ea70a05504c64f61ab

SHA512
c78c897a28899f48c8e61f9719c8ff67add7f247ac84ce4e5ed6564c56c0507f943e85a7e4518eac27a346962b97dc7bb3749e5ee1a9aa4378aa80e98c44f199

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js

Filesize
11KB

MD5
7eec279375ac861a945c1efcfc1f1435

SHA1
9c5c78337d487420afdbb7ab2d2d4ef6b4f5ee16

SHA256
f5aa6a23f5ba3bc0c083b7ace0253e1da7b5e77a4b5e9a9fb211d6a4a39739d2

SHA512
0337e48d62044829b18e0cc5bfd57b99a1a5409f2a8de632591c1079702c46363a222d276ccbfb2e2da3c3f71cbc0e825ea826a828e96fd82891b890057577bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
368KB

MD5
0858c817b1070f1e765c8dee383217fe

SHA1
9d1359e988aaa08e5d0b1cc87cc0ad096fd5670e

SHA256
e5157506ce78208b60d78755e8fd5cede3673e4601e54033664dca3965b9f563

SHA512
fe874a9379bc8f922fcaf877c7410f51bdccba2bef6cdfa1b65d06d35bf5d89c21a4527cb9b26dd65d07779021128c63c699f2b2e424add08b22ef25807dc815

Download Submit