627da6780b5dbbc16b1f69a0b940547725164e16f6be4d2125c801ba2c25b06e

Analysis

max time kernel
1665s
max time network
1765s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tzsFs.tar
Size

375.8MB
MD5

53e51f17a1e04f3554f6c09e06c55680
SHA1

5fd012c451680bf869b3225a4b467fdfe0bdc85d
SHA256

627da6780b5dbbc16b1f69a0b940547725164e16f6be4d2125c801ba2c25b06e
SHA512

abc831c1c3cde5d81441f8fa992b50af891491291afa7b7a28bb27ae286b6451916d71110567b7d2f8e939cd150e312b1b6296106c80c5ac6b22a183dfd69230
SSDEEP

6291456:/isWaTTn6TtmT/FvMD4Buy+dIfpP4smZmTZK0XU+5eDmwaz9winVinYjmhGxlInB:/isrTkmzlM0BumP3mSUqMWz9FViYICIB

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	864	7zFM.exe
Token: 35	864	7zFM.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe

Suspicious use of FindShellTrayWindow 22 IoCs

pid	Process
864	7zFM.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5084	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4072 wrote to memory of 5084	4072	firefox.exe	97
PID 4072 wrote to memory of 5084	4072	firefox.exe	97
PID 4072 wrote to memory of 5084	4072	firefox.exe	97
PID 4072 wrote to memory of 5084	4072	firefox.exe	97
PID 4072 wrote to memory of 5084	4072	firefox.exe	97
PID 4072 wrote to memory of 5084	4072	firefox.exe	97
PID 4072 wrote to memory of 5084	4072	firefox.exe	97
PID 4072 wrote to memory of 5084	4072	firefox.exe	97
PID 4072 wrote to memory of 5084	4072	firefox.exe	97
PID 4072 wrote to memory of 5084	4072	firefox.exe	97
PID 4072 wrote to memory of 5084	4072	firefox.exe	97
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 1160	5084	firefox.exe	98
PID 5084 wrote to memory of 2372	5084	firefox.exe	99
PID 5084 wrote to memory of 2372	5084	firefox.exe	99
PID 5084 wrote to memory of 2372	5084	firefox.exe	99
PID 5084 wrote to memory of 2372	5084	firefox.exe	99
PID 5084 wrote to memory of 2372	5084	firefox.exe	99
PID 5084 wrote to memory of 2372	5084	firefox.exe	99
PID 5084 wrote to memory of 2372	5084	firefox.exe	99
PID 5084 wrote to memory of 2372	5084	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\tzsFs.tar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4072
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2040 -parentBuildID 20240401114208 -prefsHandle 1968 -prefMapHandle 1960 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e15b732-266f-4ce4-a555-eac37152ef62} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" gpu
    3⤵
    PID:1160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd3692d2-708a-4701-9e07-e9de45f2c96a} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" socket
    3⤵
    PID:2372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3324 -childID 1 -isForBrowser -prefsHandle 3308 -prefMapHandle 3380 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b345ba9e-6913-4bd3-97b6-fe8a1a6dc84f} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:2260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3884 -childID 2 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01a4625f-86cf-4e0b-933c-ff9f1c547585} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:1208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4496 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4492 -prefMapHandle 4460 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1a60ada-676b-4fdd-828e-4028c7e445bb} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" utility
    3⤵
    - Checks processor information in registry
    PID:1564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 3 -isForBrowser -prefsHandle 5472 -prefMapHandle 5464 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {143d95c5-3561-423c-a7df-6bcf2d61fb2d} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:1668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5036 -childID 4 -isForBrowser -prefsHandle 5484 -prefMapHandle 5480 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df5e0292-4621-4235-a319-dc04a175dd17} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:2632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5872 -prefMapHandle 5868 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5aa155dd-4a21-4ef0-9c49-1d27caed6e57} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:4992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 6 -isForBrowser -prefsHandle 5808 -prefMapHandle 5812 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de331ceb-02a3-479d-9f70-3f1372d0bb21} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5176 -childID 7 -isForBrowser -prefsHandle 5600 -prefMapHandle 5596 -prefsLen 28418 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20cf2168-c794-409e-95aa-4ebc34fcb0a9} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:4400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4408 -childID 8 -isForBrowser -prefsHandle 6360 -prefMapHandle 6364 -prefsLen 28418 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7c9e24c-6d6c-4046-a736-4abbc4c536aa} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3680 -childID 9 -isForBrowser -prefsHandle 4276 -prefMapHandle 3132 -prefsLen 28418 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41318f90-db3e-4523-a22b-26140c1191fa} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:3436

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
8179586c980b45daf7ba211c2c2398e6

SHA1
691bcb59b2e00f4e7a18a6d762bbc0722e7b715d

SHA256
4311872c2bfb720fa66044b9702e320c566f95dc1ecd3175cf54fc89808c644d

SHA512
312cceaf862ebda9eddedef2fa785c14633320cad843f7fd026a3b00bb83148323ac525d9f582de5c32654009a09ed9681158fc638c59d7e7795d8db4d197c5d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\activity-stream.discovery_stream.json.tmp

Filesize
19KB

MD5
c7814966fbb01f9cb39c12a73685e610

SHA1
d019dde9bb9a462c8f538d907de4c392b049f50c

SHA256
717edc385194f188750203c4bce96a42e6373145d4c89c43a1bbc93b59e04511

SHA512
885cf30027f3cc1d4e21303b639cafd9aedec38a0888f9afb975d32e9f678425be46869f70ac93f63c8e0d28338938c7a8b8a9d8249febfa7794563bda5b219d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\thumbnails\1eb13ec9099544fc7e4511682e2a0787.png

Filesize
5KB

MD5
9b0d90211be2c76df1978856e4094d81

SHA1
7aa13015dec1eb72a3122b7bb90f857c37a4f75b

SHA256
395baad628f8e11a71875dc244ab1af6a4318240305d722e3b86a5b2536eb717

SHA512
3751ae471b3c8a014563236b28109bce1b743116aefd09e17259d89ba008543c7ec6ad760946505164e581392617515e3847055824d9181a5779583733b7dac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XRMD2CXDGU25Q7MVE0KZ.temp

Filesize
7KB

MD5
8fac9b2f371574675d03d163304e3ffb

SHA1
e9e30d7d69a82550de42442798f8f667466e1e3f

SHA256
9f7d3bfb28d5b399fba65d2bc3bff36f150c556cd55af3a1601aa1528be009a5

SHA512
42db6920f9b56ddc3457d1ba437ef9bf97de246f0c8a1a53badc9ba8a484e81eba22909c84db74d3ebbe3426cdffb721ce2116c76a83c7b322054f14c1f05957

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin

Filesize
8KB

MD5
6f808777582517f7c8112de57eb4457a

SHA1
d5c59eb98ec787c6085c0e899f626c10ae2ed1b4

SHA256
a006fe48a9e110e59f4d248bfc3a2d6f8d791d3da736d03679de59bd0098ba5f

SHA512
f6be660f0d28dcd370764e4608017f3683ef30ab70b3cc8b0e8d035c8ecd4391a5b9efe765e9b87b2b15c9e7c2f118197cf4ae2f20c5eea81f471971d0d26c2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\bookmarkbackups\bookmarks-2024-10-13_11_Q5zUaDTYeaQswun7Yp1cAg==.jsonlz4

Filesize
1005B

MD5
2ffacc3095a5e0ad665d2c216030a8f2

SHA1
6ed62c02da3d9202dc6133cdd204c4e97ab82e0e

SHA256
7bb6094a6afb1d1f59f5dd2f53d0efeacf758d8d0f97b59d7a4d60b1cf60602f

SHA512
a52cdf9002d6ed1f779309ca1c6beb32d854e21fcb564d8b0e8dbda2c767d5b87d3a0f4cadaa4c05136654a8a671ec6dd60417740808aa621148956c1c1bab5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
bd9c4eb36ef6e81f9bd1ca1e26cae6f2

SHA1
daee572de26318871ef11ad87ed42032df2509c7

SHA256
16bdb79f8e645d672fb42c5996b8fbc240cb2c3b7f91ba1c92aebc75238720fa

SHA512
1b556572ba1e8071786827644e1bf939deb20ba50c94f2ec1d7468fd44e3910990074ca1bdc650ec8b2c41e38b3697828f8d1e2a8ab759d334962fd4caea14db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
a989b4b391a9b30fdddf6149cedc6342

SHA1
ad2755077fbd3af63ef8bde443a6f89c8973df67

SHA256
b1779efbaccb53d4df21a55e1cd8255ef1a03c1d3a7e32350b4b703777abf52b

SHA512
5e3c716a29a18cfcc8d51c8590cdf673ebfb964fa9d1c701a37756da30e162ae751dc3d3ff69b96c3f1664751aa596ee01d3040a275a114c1b1e7278b3f18e1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
244fa991694d2405cd6fd6fb4076b09b

SHA1
5a0c9d8df85289b49ba97d802797618fe1735c9c

SHA256
295565c4b313b8aeab928030c51b58fbd9e754993100fc33ec217bb7acf6d3dd

SHA512
581c52703691865f3d58d4499ef0b1c33c0d986910a4aa0c610bdd3cd0d81c64224321c096303c040af538b0df42d642409c6d5c4963d50f7daff1b6bf81174d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8e6c65aec71a8936cfac5e0617837980

SHA1
251a522575444e7fb0984fae125a3653c9e1f6fd

SHA256
b893dec82fe7f9a17e798ed7584669f7357d477b86afe39a7dd56cf0886687b1

SHA512
c261f8db11654a79af5af0cf408e1f1ff5d06339841d5efede2d58d6a15dd0abdb92ec41f352b6d1bd64cdd98d4046c0da8ab2564d460ada78ba780135da1f76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\3edf08f2-268e-4186-928e-fac17bbd43b7

Filesize
671B

MD5
ea488506266bf3181aa61059aa08f91e

SHA1
eb56e8f0d04afbf927019382cca4a6445f9ac68a

SHA256
43de9d941e8f9885b66dc995348bc98ea60369181796c1b85b443a715a84934b

SHA512
f84436d6828097175a37a26d34c5d5dcbcd8eeca47df70ceba54bcebcfda8318c5976397edab49d59254bd29b20024a7495131776bcab86ddfbca02fb7dbf7c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\bc3486ae-542d-4b35-9a64-c953963b1fc1

Filesize
27KB

MD5
2b4089f052b586ddebfcbc606db41773

SHA1
34e884fe0bcf4075f54124bd99e07ddc6f76224e

SHA256
3c3c31d2255807a0c9df546d0596d293890806249de9348a2bb9ac525faff859

SHA512
623c85a97ed7100ac8461b10dcf841ddd1317f5b31de7d948dfb33823edabae3f44a36027d586524842d6c25d4f5d76f28e2c84b6c9dfe4f3be60921fea3700b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\dbbccce6-d788-479c-a269-4b8026160ec9

Filesize
982B

MD5
f54b25c06fe5ae2a2f9aa27a6c1a2a45

SHA1
6d0f05209ad3e122e42088e97cc64f53d69e5453

SHA256
b4b3f01a53cd4752e70df2f16efbc881effb7302d7991f0f71a14d5051439b2c

SHA512
bf6533df62d429ca253d82d6a32fd0e18beb6d0069aea07137ae37b692769da06624bae675e6422139d0e41d8aa496c3c491d9ee065d695550191feb94b693a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

Filesize
11KB

MD5
e044ac51f75daab78befa276dc2bae63

SHA1
a9556bc93c0589d12e0f8bc1ad13e5ec6c31c7a1

SHA256
04e6f59701334a937ff2ab99a1ab495309489ddd3560563b1c538355f13e59c7

SHA512
4349aee3b93ea1e5cf82d6ee96db526a09edfc4ce9651d3f49ce5e5308aa1eb94673fa656f167502e17edd7e2eea759cb56de5e9eecf640a9bb33c558b920f62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

Filesize
12KB

MD5
48378fc41f9a75840e7e71fe8fcee371

SHA1
916df9ac0a02d4c849742346f9c8fa2341e89faf

SHA256
b6c00546dcfe34f5ba3c60685a06746ab49fedc4c8e6de7dfae3181c7995a4a1

SHA512
4f3551568f3e4c225d4aff7cc50e18dacfd6ed82bb7b06d287de9953971bfcbd268556cee61538968f48356ea7309e6b69d4b4c4fbbb4d21d5f3483d7119c954

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js

Filesize
11KB

MD5
2f618f55d5a4bf8c674ca85ee5d162c0

SHA1
9c5d80bdee6e98bca3692e9beed86ed6c9ca22aa

SHA256
409fd3d5e3f83413e65a6baf0fc44e5fb6246f5a9b278daa0adde4f8a2464b1a

SHA512
ccdc80a351922cdc978ce09887a656b99f1cb9281468aa9a46bdd75c26e8c1e900a7df8f71e84eddc9f1e20cf707fcbe6276786fc46e8c1457c5b022c3e321e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js

Filesize
10KB

MD5
6e3bd2e83e6e19f63f5a55a9ae5978df

SHA1
0406ffff0450b25e9fd2e914c6eff51fb5028435

SHA256
3f2eb61fdb23e89c618b128624b1fa9832e7855590ee4c6881114bbf73797a58

SHA512
d8cec2bf9369c2abb7ce1e5d204b8f67efa41b9d38eb4a8b10f1d8077d5f72aadd5577360ab4bc14ce29ec505475d0b70e5a2f25aa46b266295b1c03a086d9d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js

Filesize
11KB

MD5
a29607f11ac8f82cff8a07ae87fd1210

SHA1
6481eb0e57fdb1e083c6e199ddebec07b6a00e2e

SHA256
f545fa8fad62140b582d56b6b9195c5d8fda89650b2b2c82a3c04ae5c8ae3731

SHA512
78aac8bdb1c53ce9eab79c9ed5b72d546a5ee789b70c1a62cd63e9b316ab33206652ba68b82679fc88cd0ae9249f465a0695c6906183abd0efcfa9c609c70c49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
25e5e5d0f08af4807e5b7348da5a5f07

SHA1
5d9ab8e6b16384f460e4c1c687c1b69d9f14d80e

SHA256
d2b429eb416f3451f1339bf73d6ab15c7d8e47486b0581d8173022efe83d8734

SHA512
67ee57a6ec91c7c86175eae2af6e805f96f2b364a474d9fb8c3692d44b5454ed1c2680b400ef50429f5fd08bbedea9118ae3874b6f5e7928c046d98ac000d34f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
2e955024aa4eed136662b02d2753c85d

SHA1
22c5f7478f6789bc27fd9731c6acd80f695fbbc5

SHA256
c9b4e29bee60a1905e9a2d649f7774cfbd55b9bf7189b85c7a1d0ecaf31408fc

SHA512
8cc80d7545773b28cf025c3b1b29ee04c4d9140e529a5f3b884f5f019ba8611d6fa76d0540fa79150d0cb3ce30f2ffbce31631ea879c79029325baaab284d90e

Download Submit