1032985dc5b9e3d401d15787e76293b21b80d6861443ad17213c070cb721e383

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

899KB
MD5

88c6532678d0d4445a5082d88db0cf01
SHA1

b6980ebef9239448ad8dada88554ecc04b02f2cd
SHA256

1032985dc5b9e3d401d15787e76293b21b80d6861443ad17213c070cb721e383
SHA512

47cd06f800277579fb257df11dec7b3a88a6f232f3282e06cadb1d3b808b4190801468df88185324c130c3b020bb7e0f61965866f766d79a00914846848ba88f
SSDEEP

12288:EqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaCTy:EqDEvCTbMWu7rQYlBQcBiT6rprG8aiy

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1328	file.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	5100	firefox.exe
Token: SeDebugPrivilege	5100	firefox.exe
Token: SeDebugPrivilege	5100	firefox.exe
Token: SeDebugPrivilege	5100	firefox.exe
Token: SeDebugPrivilege	5100	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1328	file.exe
1328	file.exe
1328	file.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1328	file.exe
1328	file.exe
1328	file.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe
1328	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5100	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 3068	1328	file.exe	89
PID 1328 wrote to memory of 3068	1328	file.exe	89
PID 3068 wrote to memory of 5100	3068	firefox.exe	90
PID 3068 wrote to memory of 5100	3068	firefox.exe	90
PID 3068 wrote to memory of 5100	3068	firefox.exe	90
PID 3068 wrote to memory of 5100	3068	firefox.exe	90
PID 3068 wrote to memory of 5100	3068	firefox.exe	90
PID 3068 wrote to memory of 5100	3068	firefox.exe	90
PID 3068 wrote to memory of 5100	3068	firefox.exe	90
PID 3068 wrote to memory of 5100	3068	firefox.exe	90
PID 3068 wrote to memory of 5100	3068	firefox.exe	90
PID 3068 wrote to memory of 5100	3068	firefox.exe	90
PID 3068 wrote to memory of 5100	3068	firefox.exe	90
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 2476	5100	firefox.exe	91
PID 5100 wrote to memory of 1768	5100	firefox.exe	92
PID 5100 wrote to memory of 1768	5100	firefox.exe	92
PID 5100 wrote to memory of 1768	5100	firefox.exe	92
PID 5100 wrote to memory of 1768	5100	firefox.exe	92
PID 5100 wrote to memory of 1768	5100	firefox.exe	92
PID 5100 wrote to memory of 1768	5100	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5100
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {539cb36d-8858-437b-a445-4b907dc0cd52} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" gpu
      4⤵
      PID:2476
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2416 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a7b116a-386f-4492-ba33-0b34f04ef116} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" socket
      4⤵
      PID:1768
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1440 -childID 1 -isForBrowser -prefsHandle 2764 -prefMapHandle 3036 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8225f8d8-63d7-476d-b517-df4286013cd5} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" tab
      4⤵
      PID:3736
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3680 -childID 2 -isForBrowser -prefsHandle 3052 -prefMapHandle 3044 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4481b50a-d75b-4ba7-8fbc-601af1e57652} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" tab
      4⤵
      PID:1192
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4436 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4388 -prefMapHandle 4404 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08ad06a2-7d70-447b-8234-3d6b117fe030} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" utility
      4⤵
      Checks processor information in registry
      PID:2588
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5200 -childID 3 -isForBrowser -prefsHandle 5388 -prefMapHandle 5232 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0c1608f-359b-49d1-b91d-012b6e7eeda7} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" tab
      4⤵
      PID:4972
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 4 -isForBrowser -prefsHandle 5760 -prefMapHandle 5756 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc0dba28-1083-4284-9869-0810ee445603} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" tab
      4⤵
      PID:908
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5912 -childID 5 -isForBrowser -prefsHandle 5656 -prefMapHandle 5660 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {635f0f2a-b23b-4253-b4ee-6fa0a3575e96} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" tab
      4⤵
      PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4352,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=3952 /prefetch:8
1⤵
PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
6aedb45f6a889cdf7fbc863d60c436ea

SHA1
56b68a4d460261a9a386448f655d3d773b84ff86

SHA256
d5320afe0639cbec31763bcdba6a39b1dc2ce53cceddb76ddb3761c3932610bb

SHA512
4295c3e49472df6f967536a7b1d12ed6e034688b320a6247388f82a94cfff27e369ef009a1f790ad246afb2c7c6aa4c8f5838bf18322d99253568786799fb6cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
6KB

MD5
f4e5096d7d85067a48fe694bd749a480

SHA1
69825bc3c7685a092295fd2cfa6addb508b6ae65

SHA256
960e926041bb71dee2e20914f5e6d8ef05979c68dbdae40adbd4788520b86c28

SHA512
8b813d186e569e982b887747dbe7c4fe69a71a8e91464e58abcf280ffcb8cdf6dd1ef7ec5a55d8b4657780b15c6627d07889cf8d24b50999e0961e5d3194290f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
8KB

MD5
bce7b32baa4ef413b197b45882412a9c

SHA1
411b8f6f8d8ae947eb6e065da91bc164acfda9fa

SHA256
bf0c5c7d1476655ffe6d48f4f2e9c322ee174a2f3a5e32b3660ce3f2eedcea92

SHA512
3dd99bed7997385f84d4b1ca283595502ae78c1b235a6534d554b646c3923b0e48caa3f6d713e38727282c3de22dd2bd3954f6076dc36e07e07c4c42b340481c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
11KB

MD5
964787765372b0fb2df9f705dfff416c

SHA1
0cd8ccc2a240830ae7376409c68d8cb956fc79c3

SHA256
a376f5db71d7b4b9fd4a11d86120d09090b2a449acd533d2499c612f197f8945

SHA512
b3da08114540564d9bf7e23cc46368f462a0a4a4a45e116f0d0d1c3fae8358e553104b6af266b9bdede84288678cf81d61de1189e4b90205919808596cb290d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1b847bf76bb9f9783bbdce1c415fbe09

SHA1
b78e6d3f3151984c875d6f856fa165b03eb92949

SHA256
a7be42f29b4fb8ac6a99f3a0bcff5b259593ea16bc8d2226e4b4ddabf730418f

SHA512
0056d21be8b8d6c5f9d57a73dccaf72694a8df6d19e201271168ad11f4d4d41464f6c54c4269f86857ba341305187db59b9faf8be4054e2faf71fd682ab03bdf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
9768a70a2232b3f23ca144ad7e9b41ba

SHA1
f17328075d3c3a9d2363b6c7e3ff3f70b4136f55

SHA256
b6733765eb5c64690e4b85b87a44a00592acd16690c426bb908472f26f398c16

SHA512
3eda54b424a42cd6836eae2b7762fb9ddc07ed19dd82b1a1d56353eba64cb3257021179a6b2e93cb0a5a510c1f6330645155d636e8d4c3edc0ae914e97b10353

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
28161f4f75dcec803330344dad5e1eee

SHA1
b718f2ec5e5382e93eefa3738e6be9edea442139

SHA256
96cbbe16d8241cf44923e4b774049239b9505d4fb02dc7f345f879d45476463b

SHA512
e4cdb01ca10348606fe397faf9ef636e2af46ec927985ec951a1c68e2786a0ba4dfe7d37b8785475bec1996d5339519700638fa273c382129882456cffb0c473

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\c1c5a3f8-0e95-4f97-8791-ccd930acb6d5

Filesize
982B

MD5
ee2ba4bf51df8c2d250619dfc3590fbf

SHA1
8ed882e2f196b023b7b2358437fc6f36c6a66bb8

SHA256
ede3ebc41fef8229f372abe3ff7e22e6f7356ee3eff3f061389bbbc158f0c937

SHA512
12846f6b69337e2d614c2a9efd17a1dc6dd8987c471118adbc1e24fc134b6bb456ca041f01d1ef35a28ae60f08f3ecff0f8652bfbd4a8d7554e0ec684d12c493

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\e131e904-5896-4d06-9b07-4c46a08af61c

Filesize
26KB

MD5
a429b6172bd5cd3a09ab2a6b7bb5ced3

SHA1
8da20b97a45a2822fd0eeb0ea55747921bc6233b

SHA256
15e928c4a730c7800051c2b5c0096a3106904ed552021fa8432eff6b81750aa2

SHA512
45550fc21bf20a7cc2fa19eb5446396ae5761bd5b9c0d95dadf7bed6fafa4c83787b1ec4b16c7174c7988ba71ba6e0fe0c1d6cff7f94ff14b4bfe191bc16a6dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\fb4d8f15-80b5-49bc-bc6a-3334afd0068d

Filesize
671B

MD5
bcb42b8db0298bc522b1aad3e3472c97

SHA1
082fa71e41f6746a6b13556d6ec724662a645950

SHA256
0ea543829225f036f2d1b70d15d44f9ff440184fab793fb074cc6ac0f495f7b5

SHA512
0ce399b15a52b5c6da28b953b4e9756da46103c8f5c7c81ac0c12dcc14bb7dc0206f651323526fcdc7e1889cf423f5ad0240d8bada320735562d925b1155b7da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
12KB

MD5
2207adcbf183c125a9a4c38f35b25946

SHA1
48d79620d2108274069469feceb3023efd8793bf

SHA256
c39bbd5882ec3d5650ab9774c5bc079a33d48c456b363ba880b924e19c655c7f

SHA512
22fedfb9810f4cfbffa8f5be52a76dd2bb738b0a1e0115136e1dbfdc46eaf89a888f2a9827cb88feb574a6e796ba66b51d6b77ce9060e56cb6212b93fdd3cfcd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
16KB

MD5
3c9df7ba891f1251339587fa4d831bac

SHA1
702d2ab601a5c64fce095495fd6441b30c3eeeaf

SHA256
066ffe737fbf0b0d65f84790b71db4cdff5f5cb39ee869c86184c401c55287ef

SHA512
a2e62c9af3dd0c0c5850d5987c8114e855f3431b6ea90909c8c5a9af46cc038d6cef10800ec06243184207a80033328010d27cf62729cf08c99b04017ae376ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
f342f4ea79f75e5518bf7793b783cef7

SHA1
52b9b7cdb4cb099c01980995fea44ff129b6fda5

SHA256
ac8e72536b3536a866837ede391e00adfed8f483c82456ed08524a73a684ce20

SHA512
35833a414c89217c5fd309dea1cea7edb75fef0e01d232327a6972543917495cae00d9858edeafe799bcb56cf06fdecc82ab46953f1f31488ea4405e5f0f6848

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
b424741578fcaeb9e4fc49e6dd0fe5a5

SHA1
7d86aa95177ace74e51ef88220728298afde3954

SHA256
2a78f904950812923cb3ded63f6116e384f6573eb14d358d9155bc6a0cb4c4b6

SHA512
fb34a0bf84e6bc547e111ab27a023a155d8d0f3585aaff7358086f219c7b0e90426fd422b285317b4c1cb6cc80aeeaca03bdbc812b741da32851a62ee99856d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.3MB

MD5
75529818c41b59aba4413af4bb559bf6

SHA1
afd5204664389b80729e50f19a809862e6e4409a

SHA256
f91728078108de7f86adf2d332b83df7f766e2e36b010a03f7558e34e642dd02

SHA512
4522946ace5e0056afd6970463c83186af246f0d7f73416a8f77ed2e8f81c2dd73d90eafc65ac04763bf7e193b87ecffcd87e271e7052de3272027a46edbae48

Download Submit