e8514f76167e4a936cb10f853d7b5fc0e8c8b7cf61fc49c3b62e776b7fb09c85

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

901KB
MD5

156fb9a5912fdeb49a0b6364970fc75e
SHA1

cbc0a33112218c0f0e59879fb0aee4def067c062
SHA256

e8514f76167e4a936cb10f853d7b5fc0e8c8b7cf61fc49c3b62e776b7fb09c85
SHA512

657649219dc1248adea4662d6d5df6c21be18c943aa6a013a9a900368187227a2b90befea7dc9d82292182bc0d74718449f06da59b2a72d8427bf5c4dda64947
SSDEEP

12288:rqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga9Tb:rqDEvCTbMWu7rQYlBQcBiT6rprG8a5b

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2556	taskkill.exe
1708	taskkill.exe
2800	taskkill.exe
2532	taskkill.exe
1712	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4268	file.exe
4268	file.exe
4268	file.exe
4268	file.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2556	taskkill.exe
Token: SeDebugPrivilege	1708	taskkill.exe
Token: SeDebugPrivilege	2800	taskkill.exe
Token: SeDebugPrivilege	2532	taskkill.exe
Token: SeDebugPrivilege	1712	taskkill.exe
Token: SeDebugPrivilege	2492	firefox.exe
Token: SeDebugPrivilege	2492	firefox.exe
Token: SeDebugPrivilege	2492	firefox.exe
Token: SeDebugPrivilege	2492	firefox.exe
Token: SeDebugPrivilege	2492	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
4268	file.exe
4268	file.exe
4268	file.exe
4268	file.exe
4268	file.exe
4268	file.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
4268	file.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
4268	file.exe
4268	file.exe
4268	file.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
4268	file.exe
4268	file.exe
4268	file.exe
4268	file.exe
4268	file.exe
4268	file.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
4268	file.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
2492	firefox.exe
4268	file.exe
4268	file.exe
4268	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2492	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 2556	4268	file.exe	84
PID 4268 wrote to memory of 2556	4268	file.exe	84
PID 4268 wrote to memory of 2556	4268	file.exe	84
PID 4268 wrote to memory of 1708	4268	file.exe	90
PID 4268 wrote to memory of 1708	4268	file.exe	90
PID 4268 wrote to memory of 1708	4268	file.exe	90
PID 4268 wrote to memory of 2800	4268	file.exe	92
PID 4268 wrote to memory of 2800	4268	file.exe	92
PID 4268 wrote to memory of 2800	4268	file.exe	92
PID 4268 wrote to memory of 2532	4268	file.exe	96
PID 4268 wrote to memory of 2532	4268	file.exe	96
PID 4268 wrote to memory of 2532	4268	file.exe	96
PID 4268 wrote to memory of 1712	4268	file.exe	98
PID 4268 wrote to memory of 1712	4268	file.exe	98
PID 4268 wrote to memory of 1712	4268	file.exe	98
PID 4268 wrote to memory of 4944	4268	file.exe	100
PID 4268 wrote to memory of 4944	4268	file.exe	100
PID 4944 wrote to memory of 2492	4944	firefox.exe	101
PID 4944 wrote to memory of 2492	4944	firefox.exe	101
PID 4944 wrote to memory of 2492	4944	firefox.exe	101
PID 4944 wrote to memory of 2492	4944	firefox.exe	101
PID 4944 wrote to memory of 2492	4944	firefox.exe	101
PID 4944 wrote to memory of 2492	4944	firefox.exe	101
PID 4944 wrote to memory of 2492	4944	firefox.exe	101
PID 4944 wrote to memory of 2492	4944	firefox.exe	101
PID 4944 wrote to memory of 2492	4944	firefox.exe	101
PID 4944 wrote to memory of 2492	4944	firefox.exe	101
PID 4944 wrote to memory of 2492	4944	firefox.exe	101
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102
PID 2492 wrote to memory of 1780	2492	firefox.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2556
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1708
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2800
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2532
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1712
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67209792-ed16-4b84-8445-79d697efc932} 2492 "\\.\pipe\gecko-crash-server-pipe.2492" gpu
      4⤵
      PID:1780
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2432 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4ba11ec-b877-40cb-9791-190826045de5} 2492 "\\.\pipe\gecko-crash-server-pipe.2492" socket
      4⤵
      PID:1596
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3044 -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 3084 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8b7a31e-f66c-4580-9c1f-63cd259faacf} 2492 "\\.\pipe\gecko-crash-server-pipe.2492" tab
      4⤵
      PID:4212
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2756 -childID 2 -isForBrowser -prefsHandle 3472 -prefMapHandle 1240 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {406a4d71-5b35-4bea-8499-355c292535ee} 2492 "\\.\pipe\gecko-crash-server-pipe.2492" tab
      4⤵
      PID:4340
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4652 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4420 -prefMapHandle 4372 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cd5d88e-4cef-4236-ac5b-49ca726988c8} 2492 "\\.\pipe\gecko-crash-server-pipe.2492" utility
      4⤵
      Checks processor information in registry
      PID:5272
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5240 -childID 3 -isForBrowser -prefsHandle 5236 -prefMapHandle 5232 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {719ff492-04d7-4943-8cef-a3f5635afbab} 2492 "\\.\pipe\gecko-crash-server-pipe.2492" tab
      4⤵
      PID:5732
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 4 -isForBrowser -prefsHandle 5480 -prefMapHandle 5476 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13bc8740-8264-430b-9e80-635b4af5acca} 2492 "\\.\pipe\gecko-crash-server-pipe.2492" tab
      4⤵
      PID:5760
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 5364 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {619d943f-459f-4acb-aa44-ef6d4d31efdc} 2492 "\\.\pipe\gecko-crash-server-pipe.2492" tab
      4⤵
      PID:5772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
cf34ef07dcbdd3ffbf45260945b10953

SHA1
8ea7cadfa23f47cd55493d40b7aad8835b686bf8

SHA256
ee2de362e393aba333db081a251fe898988897a3ebaaa21571213eece4cb8846

SHA512
c67e534f3a08e9f094a329d584aa583fe651cd613b64535acf295dd4621c4b8e6c97822c4a37d190ae28eab5e2244bbfa05768ea107862f265a77d71e1193cf9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
535ae242d508d976b50f8d15c86f8292

SHA1
008f8976405efd0ceb4de6bfae1c3387cdd22032

SHA256
bf0e57c61af7e63954adb2465e71acc2e062cc1a1dfdf00147abca67df8d28a1

SHA512
6c23df38a849c683807774f1a553d63ae77fc945b65734c0914261421760d6e4db6d3ef3d58f0c7392846438b443179fa3293d023b32cc5a5f9160752a34010c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
7KB

MD5
7a7fa14bac9ec8443d74d69733d1a5c8

SHA1
5ded3c3e11b9b3520c5af5df281c7d99043fc512

SHA256
3b6575616c9dadd5c29ee0634fc7c4f348405977b92b7b0671a5053a212e535d

SHA512
6f09fb2725f378b65dba5172c39219c331e377fc70b6433be66af3728ee8f0ddc0c981acdaaedfaae612e5dbe8cec5507253fee99a3c2cafe9a43e3c526ac7e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
11KB

MD5
81407861e90b4c2c2e1549345f6c3293

SHA1
913201369122b5ffb77e7565f1d7d89ce3ede0a7

SHA256
6c06928c5ce9d57dbaa54dc597d9d9a8c5ff25a1cc8937e0b332f528eb96c754

SHA512
0f71f2405deeeb7bf17bdd1eba054ecd07f3ecaf2d53fee03249de1b213199355d79f2419d2238830fec24a56fe95c0e5cc361964716ead9e28965967620b0c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
18KB

MD5
04a28b45a92ca411346c17b2c73d3926

SHA1
54a87cf45129fe873ec0721c61e63da756d9381c

SHA256
ea4e0d0f0386b02e7585ea2df76a08f504592d35eae45c3eff68324b8253c805

SHA512
82c21952abee074955f4fc2b6a646fefb006fe1dcde5c17360b9a38adcfc173a47e6fbf89e613230ad9398dabab8bc4bf3b4801c1b90f62729c4fe206599f391

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
637b0f23ebf9bbaa1f48ac145890c12a

SHA1
e2184c37e9803157e992496ef3593f69fe870697

SHA256
96654e1dee2ab4bd54f8a5f7803729925b6d05caf01901bd4e28525638db4708

SHA512
bc4d738879e1e825c053ad379b92e677ed456c5752862e7237389763a7271d6f9dc3bbcfab76d6f3745ab1c068b0376781b0617fa841b73645e26b56db3af087

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
cc67a77f36dcff280598527365e3facf

SHA1
60ac25caf59f701a78dd7ff0c1a6a395aa7484b2

SHA256
71c0556cc9275cc041c83ab6ae954a243b366af3b6adfc1024860023487d089b

SHA512
34348216882e672505bc03d53597c9c7afb83766347ff47216a79888cc6ca2a4012099fb4b2717c6ba1a2a2f814508c3bfac479a5da73329cbb85bafaec429fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
cabbbb455957fe7e9b3fe0a128594927

SHA1
53658d2a390e964a3d430c1828280dff544538e5

SHA256
d1fc417bd0fd9f3fcb0bff27a3ed8439a926e344ad9220228768f837525541cd

SHA512
dd988fa346ee79549f84e928eaad09d93e18d2900858ff06974da51645e99bea924b50fa495ca2490a47f27901e369898101fa01c9c9a1deb463894be17446fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
c3eb8d2bdb003b43a181e514432ac168

SHA1
b44869b6ac6e2b5ad9ee86d36b2fe92648cbf488

SHA256
e5a2e8336572bd3b6c60099f59484b7274f6c3ffdfc2a2f2cb30b432f454b244

SHA512
c7f9b84a5724a6e3d72c5083eae18e9aec8260f401f1fd77ebe7da7c8da3cd79a4689b28c31818c7a8d35a8ed2f07dca75d3e5360388da0b0e2d3f364e7fefc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\132c906e-3a13-4c9c-94a2-14ba7e621fc3

Filesize
982B

MD5
ff01c2906fa47ec73ac461e6fbf3f902

SHA1
3392077dc883ee2d3fa58d59d11cb567cc1460cb

SHA256
0de318942b55a31de15b1349fef3fe0debafe5b4655b18780c7252db38b24516

SHA512
d6c84a59dfb320246930353f3228b0c1c2dfc8a7ee6afc40e92b5c7998b4663c573821c0c5f789fc07d248432733aa0be2cc5a583b39821e7353dc8572f790f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\a06f5534-23de-42c0-925a-904a83364b89

Filesize
25KB

MD5
8f67cdf5e0dac9a4fa1c07125990b80c

SHA1
4923a24566effcf0119430fd4d3870e02d00cafb

SHA256
2e8c20bcba10c12d97747b67baf85af6c969da744452c337c57fc7e4249f41f9

SHA512
1edf6be97ae0f47c922517c620ee5c4172780c180de492ec2144ee94dd901803fa2ebf81af28e116aeee2ba611b3af67a337bd629222cd153996a96de978624b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\f63ebe8d-e50d-4981-9fcf-98dfbbd80e99

Filesize
671B

MD5
0662a5f5552e6dcedec92543fff5aabc

SHA1
2076b3012fd057ee201095a1c6f0d83c9d20f095

SHA256
720fcd728e2e9ca341b1a66eeb82ae05a42ffc119b341567bd0b709e8c167e32

SHA512
027038e1aaa8f774ccf87b2e5f6fb6f03befee817b9a80c5c0f1d0e67d434c1b1224a1dc11e5abf8d688626f3833be7dd1dad87fe109388d5757f9be84f06ed7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
12KB

MD5
1eec886ccafa93b974ef4c12b938758c

SHA1
510556e2c1ec38b2e65560a6fc503ae75c632308

SHA256
d1dfd899f3fb51da6af489d18e7b8f2a1b3c72678be7be590d9a07a51909233e

SHA512
b7c424386628c14293b96ca56661f8ffa7d381565b525774946294c96a954095ed1f187bfb375bc079e2ee0de6626b28f4333ea820ed9ba6ef21cbaade9ea57d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
16KB

MD5
8e79f3f6a468b94a29c6545ec31f3906

SHA1
ade3c158b23e6a760a3816a4b5169d841e2b2f39

SHA256
9376335a6db802b5486613b1544986fb0c7ee80a991e40985e3db9355b3be824

SHA512
22845a50fe2705c5d9e311293385dc03287f6e6f5c7dcb6dccf670148c044c04c8c060b7330805b2597b9d3aa6cd7cf93fec819c7816a6f5174a8d75d2dd709c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

Filesize
10KB

MD5
7316637c3a43b86c1d0cea439ffb6b80

SHA1
1fb999358293ef944ef4e8ddc262830ddf87a19d

SHA256
5ccadc484cdff0fe500bb2c1966f971bfb174c033992ae7b824df22ff7b16cfa

SHA512
f3f15386353f568f528935063ba62fcc31f448a02f7643abd7f2825c4cfc06c9d908b06d46c3c601c31f646c8da0b6ae460673b6965d06c0204b7c086096ef90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

Filesize
11KB

MD5
fdf4e387cb3c2acedcf3bc27d6a89676

SHA1
5b74b3f9b6aa4a1a481beb939446cad6d06d9e00

SHA256
7f9940ba618424990af9a643fa57717dce1109492599184ae4f7ad6b6a5e3b8b

SHA512
376b875ab4fc7da170fe6d6851607a7eccf243166ef958673fb19075f44a52083e5399f4d73d8576c676a7a3ec73c0c7bd96520bd91405d0bb8904881dbc64b1

Download Submit