4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3

Analysis

max time kernel
92s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe
Size

897KB
MD5

86407f0e582583bd91000208e8ad8140
SHA1

8da0e8454eb457f56a43b2edc28da089571795a1
SHA256

4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3
SHA512

db8fb6b559e4d94c5cd30518e7cade0a1655e487b5b3a79064ad1558ff9b4fb1daedb29fae58c3a9e68794885a9b0f550e081ff897fb8f4111d1051d55e1acd9
SSDEEP

12288:0qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga3T2:0qDEvCTbMWu7rQYlBQcBiT6rprG8aj2

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3572	firefox.exe
Token: SeDebugPrivilege	3572	firefox.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe
2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3572	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 4208	2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe	85
PID 2380 wrote to memory of 4208	2380	4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe	85
PID 4208 wrote to memory of 3572	4208	firefox.exe	86
PID 4208 wrote to memory of 3572	4208	firefox.exe	86
PID 4208 wrote to memory of 3572	4208	firefox.exe	86
PID 4208 wrote to memory of 3572	4208	firefox.exe	86
PID 4208 wrote to memory of 3572	4208	firefox.exe	86
PID 4208 wrote to memory of 3572	4208	firefox.exe	86
PID 4208 wrote to memory of 3572	4208	firefox.exe	86
PID 4208 wrote to memory of 3572	4208	firefox.exe	86
PID 4208 wrote to memory of 3572	4208	firefox.exe	86
PID 4208 wrote to memory of 3572	4208	firefox.exe	86
PID 4208 wrote to memory of 3572	4208	firefox.exe	86
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 2872	3572	firefox.exe	87
PID 3572 wrote to memory of 4156	3572	firefox.exe	88
PID 3572 wrote to memory of 4156	3572	firefox.exe	88
PID 3572 wrote to memory of 4156	3572	firefox.exe	88
PID 3572 wrote to memory of 4156	3572	firefox.exe	88
PID 3572 wrote to memory of 4156	3572	firefox.exe	88
PID 3572 wrote to memory of 4156	3572	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe
"C:\Users\Admin\AppData\Local\Temp\4b74955a2223974aaea59516983f43b93209e025ea1735f1f658f4b25facb9d3N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3572
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4129b33-2dcb-4f22-8fb4-15ecb8722df7} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" gpu
      4⤵
      PID:2872
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2456 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d6556ab-afca-486d-b519-f7eb1171e75b} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" socket
      4⤵
      PID:4156
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3180 -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3240 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65c11f76-794d-440b-9a30-429c14347c9b} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" tab
      4⤵
      PID:2264
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3808 -childID 2 -isForBrowser -prefsHandle 3800 -prefMapHandle 3796 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98cc1551-9c73-4fc8-aa6c-eccdfed11da6} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" tab
      4⤵
      PID:2216
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4664 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4640 -prefMapHandle 4648 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22cbc866-1a7d-4b17-ab39-73837f9f47e7} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" utility
      4⤵
      Checks processor information in registry
      PID:4500
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 3 -isForBrowser -prefsHandle 4976 -prefMapHandle 4076 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e26672a8-a7f3-4f75-b006-c79a350bc2a7} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" tab
      4⤵
      PID:3656
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5648 -childID 4 -isForBrowser -prefsHandle 5568 -prefMapHandle 5576 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {560e0fd3-6694-4fa8-b9a9-ff3d481d1706} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" tab
      4⤵
      PID:4908
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 5 -isForBrowser -prefsHandle 5768 -prefMapHandle 5772 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab3783fe-af03-4349-9ce7-af498a3c5deb} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" tab
      4⤵
      PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\activity-stream.discovery_stream.json.tmp

Filesize
19KB

MD5
5272389cfa1bf8e29dc348ece1050fdb

SHA1
0e5be007f4a176e4384555ff1a61f90038c5baca

SHA256
d8e8bc3a831e715e42c00fc7a7105ca6904b8d5cafa8e55029fb6e177e32d43f

SHA512
bd09042f0acbae27394d3944d103992dfcd1a3a964ddf96fc1294cc1e9a9f67d846b119012791c77ffad094a0093805543ab6440ac9e46e9c9eecd8d94970e92

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
807e4ede9d2d015ea0f5165c58585954

SHA1
ce295d2b64e0ef5b817161af27a220ca162063ec

SHA256
11aef112fda1e9075a9d6bf79b607b83887333e0b7c48ce3e4d037d6a6197563

SHA512
bc3e4602bc09ac94fbec80c8f5ca91134eda10da59dd3f6c94cb0fd57e660457701892e1b5e1583cecefab7ab259648f58c031b4651b34b592a7d6069d101400

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
18KB

MD5
5e3e611dc47da1f279c75f1ee0e78504

SHA1
2fe17313e1b97df37b896b70cea0e48563d9fc92

SHA256
f914940d5443223c508b203338425c7c44ee8a26c226dbaa6bf341976f977b42

SHA512
525d2276b7aea6d9cfb0565b8b4f2638e6f0542f0988324a8c3df8fb39345c09e38f66666c65352777fa72054c775cceb18b288ea2ab2618160a90b5d2c31987

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
10KB

MD5
0eae6fcec8d6b7c7825f0c9e23da2a2a

SHA1
042f5c6ee10ed5015a15bfb4f4d3f39477192f12

SHA256
13039a5e6aa0ba37dad4c53de3954af7b6dac1acac7fb5b70bcf9229666f3835

SHA512
4bdf51154c744f40c3b33fae6e69bb3aaa6ee179c1e2bc9254e0f59d38d4a5042d9d62c2513482bed1eaefca10a3f088139e896f72eb2e905f437861348320e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
d880dcecb3db971abf29ebb77d6a207d

SHA1
b231d8000a951790357bf7745204cc49454eccbb

SHA256
9ee7a585d32af583c0a130cc40610a3fb10d9320f15dcf4d90a9f5f39f340263

SHA512
27db158d37f2a0c659e92ae9ccb1af6d3ed161e559071ddf39d7f030111644ac9c23bdb4475ae0fca826a1ae580f5d7170d7a3c47325a1f7de2349dd7c62f284

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
76da0136272772106f2927d86d255eb9

SHA1
7560641ed0dce09b39d29964f0ece65330e0f770

SHA256
a6c03e07980b0194dea884a75f3d8bd9797d6fde770493e9afc03d51619f8e11

SHA512
c1f07cfc0a057c623c48b598223f7efa02f9ecc5f201dbb43823f66a27659858b6febdcc3906187c0f0b1c97b49691cfdbc040536aac5be9e7741b4672b51f78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
20278c13f6460735350c768941927872

SHA1
8a6c51152936019fea696f692b14c01b737a1353

SHA256
90ac6d9dbc1203166d4f0b7b72c43641383e6e64a0aed4c818dafd3dd3f567ef

SHA512
347fef99a27752ec30dfc8fffa23fd0531a04db598f05a3b3df3e95de608ff9cc1a66e6095d1e3d883dfd3d18cafccb9fdaacd838b6514d3275f4b92955b4ee8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\2cb336a5-a490-4313-97a3-b0ceb3e8f196

Filesize
982B

MD5
c107e5ef4d30251b069d86e69e83eb14

SHA1
45e0965057c5bc170c808311697d6083f91576d5

SHA256
071ce4443167ffec808ca62c3bce9066c4c73f35376b365a29f567a303e5a9c0

SHA512
526e5bb97ec322515882ded737c2e50f19402ec3ed198a8dfba94b054cee3465071f66f65697da8934998439af6b7aeb484b8f9454347bc07c995228dbdc41cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\ba241870-24ae-48bb-ac0d-708e00a4c730

Filesize
26KB

MD5
4e76a96e922bf642b6bd23e1c2a07564

SHA1
9973415a172f85b872e4b9817a7a69340bd5813e

SHA256
3c9d94366ad28fcddc1f5badeae484f885b12a09e7294b638ccf1c37bf484a4b

SHA512
78abe6d2743beb15451b40ddabd1a2bb09ac21948177c204f9ea5b4e3546f48826aab32bb75854aadbf7f07d0749fb973c71bf571e903fd09548016b753567b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\d9bc8515-0897-4c1d-ac30-34fcdd089738

Filesize
671B

MD5
224e0001478209c5706d7077615df65f

SHA1
35531f2d3f5564092d2f391b8447125e1f83a1d9

SHA256
dfcc9b27768c6c41d8f7a51d70d15dfaa61ac0cca87cc4e83a3345b12b8ade11

SHA512
2adbb77973ef961ff1f199ccf0ae53fba45c16b4f7de0d7832b75f40785be4c82cfb93e051715160030f40c31b9c609d355804ac5dca2ec40f5d0a9c89dc1384

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
13KB

MD5
264c73b7972091a523cc872b6d531c5b

SHA1
1b65bbd024a42250b121e602ae1a0c00bd883c4b

SHA256
4fc924d1dfc6f5b61a9907aa616fabeca2d0dd9c9d7dc78babee8f894667ac0b

SHA512
add7c98f3bb580b1d5e65b0535d0161fee253cbfe9532fc6538e802b30b871b3f3a2f89805087b11cd92dfff0c4b924869d4a62cfd741c440efa9342dbebf905

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
16KB

MD5
78e7e6a773f46114c2a32858609ff614

SHA1
c59dd80bb678e7ee1113911e6c8597c5a8f9108b

SHA256
8754297c0d5e568ee30fe26fc5b44e5989d54e9f5a183b154781e3cdf8f7f967

SHA512
d1f979f82f9592d7ac05ce680ae8e828bf923256737ecd63df2fd64305ac8db2e5966b212310f0a2d764cd6c129352923e6b268a7f1741878e26af120657b35c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js

Filesize
11KB

MD5
52cfa1afce54c113ef17bcefbff24ef0

SHA1
dd26859315522ece11750548f26927b6a3903fe6

SHA256
1e8fb8e6a4556dd8e79c167f3931c870512d86ce3fd5591af30420c78d5b7f76

SHA512
be7839ffefce31c7bf2761f6a963e36be1dee69473882896325ca0ae583053148bfa8226a1061e580ec9663921ddac05fe2e52558dc62dd7f87a743213cf3242

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js

Filesize
10KB

MD5
f72d8b44c35d9fb94cc705b9bb3a662f

SHA1
014c818caceb9add18ff1cdb1e19e8bc7b770d8c

SHA256
1c83a7bfaadbdfc8b053e529c72c496a85d6667ab24f185b7a2840f2bb44aa0e

SHA512
88f507472279cfabe702d6913f5167ade1fc5f022fff8d052fd74d6f5c450a832e214623cfd3088e46ff87695d6d91b9fb52939be2dd92bc1f318494b5c3e897

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.1MB

MD5
bddc9f98a99d69719b4e44598503f161

SHA1
d7c09fb1ee7a3a825d5a5cba12d05da412c58350

SHA256
8142fd7b5f54d29e872a18b2e3cd248f92949dc9111b8cf8530515d87ca89884

SHA512
1d830f0bbfd246016cf09be05265f822f5be5400002536007c0a3cf8e142bdc1b81a5581984e80cc3dd1e1137161f71860372b2f26066cbbe02d2a16eb65219b

Download Submit