89981725d2c4b1ad50370f1c586f38e94dbdf1f34b0b76fdf5726c3dbdc7b70f

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

900KB
MD5

7596c0bae48fdebc80b4780b5c0bad28
SHA1

dca9b7fc4aad0165a456415ab6a12144a2acaef0
SHA256

89981725d2c4b1ad50370f1c586f38e94dbdf1f34b0b76fdf5726c3dbdc7b70f
SHA512

11cdf53bb97511aaacdd10178d03c0f8d8cc6210475b794999c6490f3a26ea5ce7705a522171d5ac21a521ced1750a7ab2bdea95bb20dc8edc8b9d669151d5e6
SSDEEP

12288:/qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaDTD:/qDEvCTbMWu7rQYlBQcBiT6rprG8aXD

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3320	file.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	firefox.exe
Token: SeDebugPrivilege	2208	firefox.exe
Token: SeDebugPrivilege	2208	firefox.exe
Token: SeDebugPrivilege	2208	firefox.exe
Token: SeDebugPrivilege	2208	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3320	file.exe
3320	file.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
3320	file.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3320	file.exe
3320	file.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
3320	file.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe
3320	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2208	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3320 wrote to memory of 3008	3320	file.exe	83
PID 3320 wrote to memory of 3008	3320	file.exe	83
PID 3008 wrote to memory of 2208	3008	firefox.exe	84
PID 3008 wrote to memory of 2208	3008	firefox.exe	84
PID 3008 wrote to memory of 2208	3008	firefox.exe	84
PID 3008 wrote to memory of 2208	3008	firefox.exe	84
PID 3008 wrote to memory of 2208	3008	firefox.exe	84
PID 3008 wrote to memory of 2208	3008	firefox.exe	84
PID 3008 wrote to memory of 2208	3008	firefox.exe	84
PID 3008 wrote to memory of 2208	3008	firefox.exe	84
PID 3008 wrote to memory of 2208	3008	firefox.exe	84
PID 3008 wrote to memory of 2208	3008	firefox.exe	84
PID 3008 wrote to memory of 2208	3008	firefox.exe	84
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 60	2208	firefox.exe	85
PID 2208 wrote to memory of 2544	2208	firefox.exe	86
PID 2208 wrote to memory of 2544	2208	firefox.exe	86
PID 2208 wrote to memory of 2544	2208	firefox.exe	86
PID 2208 wrote to memory of 2544	2208	firefox.exe	86
PID 2208 wrote to memory of 2544	2208	firefox.exe	86
PID 2208 wrote to memory of 2544	2208	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2208
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0a2dac7-2d51-497f-8ee4-c7755e705309} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" gpu
      4⤵
      PID:60
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2352 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb8085dd-b489-416b-98e2-9c6ad240f542} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" socket
      4⤵
      PID:2544
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3228 -childID 1 -isForBrowser -prefsHandle 3172 -prefMapHandle 3224 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ddc05ab-f182-47df-844d-5b6dfd861cdd} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" tab
      4⤵
      PID:220
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3944 -childID 2 -isForBrowser -prefsHandle 3956 -prefMapHandle 3952 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f086393-1bd6-42c4-bd54-f7aba9f38a1e} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" tab
      4⤵
      PID:4588
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4824 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2588 -prefMapHandle 4740 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f94011b0-b8f0-4290-b7d2-cb8e0fc294a4} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" utility
      4⤵
      Checks processor information in registry
      PID:1776
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 5344 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32ec3967-b7eb-4765-affa-9519af31f201} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" tab
      4⤵
      PID:3292
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 4 -isForBrowser -prefsHandle 5212 -prefMapHandle 5524 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b47798d-9718-4304-bb02-ca28b2a0c48e} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" tab
      4⤵
      PID:3192
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 5 -isForBrowser -prefsHandle 5716 -prefMapHandle 5720 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee7e3900-a57d-43d4-accc-5398a4abe416} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" tab
      4⤵
      PID:4392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\activity-stream.discovery_stream.json

Filesize
30KB

MD5
bb246b64a12aa7c453bf7358bcd983de

SHA1
b1ebddaefc72532cf51c261b1fb1aea3d6b7d326

SHA256
071f5579fe21a4a74e2ca051a98668710d69219c391a4d3c2d57444fd5240c11

SHA512
cfe4946c1705271987726d3ef10075ba6bcc798450980ca53c96426571c83c13e93dab717391659a4d1804f1eadf3d949b687e8ef856cbabb0d58bd91f27349b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
bdabc59b73fb2bd3690e93f12e6452af

SHA1
ecc1fe1a3709996adeefa1b47a946a2468adc16f

SHA256
9ea1129ea27d6cc8cdf9b11a5cffb46465919779bb6d93a5f855c361db49a09a

SHA512
336d92db0ad3a2b2a795f1f2c17f49809b6c07e4d866f577cbee1a5cbf85663633e5e6cbeb0a79fb54bb466b28ecdc0da995754132b55fbc9df511158b2d4466

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin

Filesize
6KB

MD5
401e0cc50be15765857236a7080010f3

SHA1
e6eb24907631bb942250953c6f0acf3c8e4960e7

SHA256
72e8f4d575d360d0f9a79ae9a517e5e7c7e49260515e02b347d85cd8bb3954cc

SHA512
7f176555695f6cabfbcd62181b5c12155aadd21fe2d9572c39b9455c0a6221a010dd4026d25f1240371da0ff1aa12eb309ff1c22006ac8e3b22022b043647099

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin

Filesize
8KB

MD5
ba3259ffac9fb30038c8242637db09af

SHA1
ab241441b9f465ce26cf61e8017422ddc5d9a761

SHA256
17f0717d55b3b3999bddbad835f0eec337f9191b4b6c90c87d2a6ef8b308dea5

SHA512
515ff4231b58899209f6ce0710277dda94984364d502c26a946f4404354bac224e2c3a382fbd6d2e70c75ceb04c53495cd4ec78b478f0e85833ba2dfb2db92b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin

Filesize
16KB

MD5
5217dfb950a681b20dfea32ccfe12f70

SHA1
bc37ba0a2bd7eeae1c890aafa61be61aac3059bc

SHA256
054713c139a12150a201167bf39301306c40a0079be30acf9f09b15b7b9235cd

SHA512
5cac2e6d1e16d0420e3b2d61ca134e496d433e65549b0e24a31e73382115224856dca71941928b4821d4a1a89714aeaf368001b233a1a469f9009140ef19235d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
99c42ab8af602870335b1f11b818910b

SHA1
4ea147f2a10ebf7dcaed92d85f8b72b457a2dac2

SHA256
9adbd95bed84466d5b9c6eefc5f75b25c360a9810e506a57f7f790799f3fdfb2

SHA512
198ab2864fd72f8c6ae7b93c9d8c0e9fbdf578db0a77893d16000eae3cfbcbb1905db259ce1e2ef6d94a6bbbaaf5797342d3068c90db5d0ff313a9fdf7471b4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6f316591ef1c6e4d84f1a4bb0d8be123

SHA1
603ded2c402f4eb8f0e493ccf4d4b0062aa66892

SHA256
b24ad1bbbade6fcbc0aa350ede62c161aa4d2aa61d1bcb00c02da85a161c93e8

SHA512
d6c01f5ba21b684dac965fdac41194b0af6acceca6393fc8548f9006eb665fcf7ad322b9020590593a289cf755ae4206bb17223d6e4c1d3f0a491bfe67cbf934

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
bcb72e9e801d853dab6ca55e13175357

SHA1
b7f5820f2a93a6bce8256ad6949395f17ce8941a

SHA256
609860fe983279584c41b9a029c6825c46d8e0c048cc4404862c7fab8bbbafde

SHA512
4ed899a1d2e0e4572648443004171792bc891cf36fb7b9fe95d009f7b87cbc4ceb7bb1bdc6ec92d9249bffa80ffc37a80129d0234e530226eb2a2458f65e31af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\76af9b1e-6568-4fda-b467-bc4d06ab1dc8

Filesize
982B

MD5
7cf3afbb611aae09f5401583d9c85b84

SHA1
3cae80c1e132dcc3abdf4a28632e281bd9447f8f

SHA256
6e8e798d82f085253a01e9a2ae13e3a36851ac10857e33d424db495546da5fc6

SHA512
576fdab870303d86b009013372cb3cb9e35a6d26886f9120ebc5572d0020c2cc179137866b3da018625a32a5a2b549b485434cc07d050180d1557bc9e0882c59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\91b09826-6f98-4469-be35-7db482502f24

Filesize
26KB

MD5
41fef22e098efa8182bf55bb1412fb74

SHA1
55568a2d05ab17ea356e81cfccac4afaec010164

SHA256
f56d3de1001bffef0a90ac8465bb2c6e67b14877552e67529b5b37e4a843daa2

SHA512
82162c75294ce4935d36dbcecfa2ee79a0ec829fc7b00d7085d2d492224f485e89b4d0e3bee800c55887856a1aac78855b7b27a3b44afa57f7d46ac33a61d311

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\a78724af-338c-47e7-90af-70536dd439ed

Filesize
671B

MD5
b2767c553c5470fa2e93b2a5149181be

SHA1
3d3a4d986d2ca3a225af393c2d4d1254202d35d8

SHA256
5e3f7a0b3b15c614051b3b710a8ea155592bff5c82806c65772a0d28e39dddf6

SHA512
0472ace703e05aedbaa0cf4b547bc1bdc3fc253bf32defcec23c0feeb8e15079398e0190934c89896ae8d79feee27dea54935b448b89a9d665510fae9393b99e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs-1.js

Filesize
12KB

MD5
9f8461152699848234f97bb93348a3a4

SHA1
053af6d1328952becf9086e7ed2ce0bc56087beb

SHA256
48dfc504e2eaa8c126c8f94a45f9f77896204297b56c466e1a7f1c10b4af9b18

SHA512
92458c3c181d5d8196aebba1b5fa294cb28d7244ec6e832db0347e11efa8be9f39df1b5bb72d86ae6d0e0e48d0911054392d97912dfdaa9524fe8118d66373c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs-1.js

Filesize
16KB

MD5
8e126236da968aa434d881ec4986a1e6

SHA1
1908f7c28ccb0a156fd90157070eed2412f45ad6

SHA256
44c3262db0a1d7676e3f2eee8f913da55675fc8525d4d7a824210bc0ea0e3684

SHA512
b622835c16e88eb62de9b50cd3731c7ceef5720525f2ea204c5c62d39d78ce0873c945efc4f5de976ce55f1229c44d4fac2de62d965b5ef1d5ee0bb7f961c0bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js

Filesize
11KB

MD5
8654ad36d728a5da64d16a716a196c71

SHA1
7a4d65f069b060366301a8d1d6a25ed1638e6eaa

SHA256
4f3f108ef276a772053a3c999cb3fa7507bb7967c695e73ad9618227ff06306d

SHA512
9d482059421bc2257f9ee47b4bca25aca930e0bfa489e2eb40ebcdfad58f319aa4e9c8fff9a2e0107a8e6d02e87cf116d8e3bcf470e47f6aa436bde8a0599c0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
368KB

MD5
0858c817b1070f1e765c8dee383217fe

SHA1
9d1359e988aaa08e5d0b1cc87cc0ad096fd5670e

SHA256
e5157506ce78208b60d78755e8fd5cede3673e4601e54033664dca3965b9f563

SHA512
fe874a9379bc8f922fcaf877c7410f51bdccba2bef6cdfa1b65d06d35bf5d89c21a4527cb9b26dd65d07779021128c63c699f2b2e424add08b22ef25807dc815

Download Submit