b5aa55ab7b1267b5e806ab6a306816d8198655a7dd68c2af43e11d06e695fb62

Analysis

max time kernel
127s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

901KB
MD5

ced448790328e3105c0cfc739ce1c049
SHA1

4e5d7352b4272867394b9a2c8878c108d833662d
SHA256

b5aa55ab7b1267b5e806ab6a306816d8198655a7dd68c2af43e11d06e695fb62
SHA512

74a181ce8cdef058a0637231822446ce0c7261f7bc9f0a52db90c357ba9d0046676308370501b925d4a039b0ab7540b21c6b08e963de80f1ec2494add6deee4e
SSDEEP

12288:xqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaXTb5:xqDEvCTbMWu7rQYlBQcBiT6rprG8aDl

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2320	taskkill.exe
3592	taskkill.exe
2080	taskkill.exe
5092	taskkill.exe
2740	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3316	file.exe
3316	file.exe
3316	file.exe
3316	file.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2080	taskkill.exe
Token: SeDebugPrivilege	5092	taskkill.exe
Token: SeDebugPrivilege	2740	taskkill.exe
Token: SeDebugPrivilege	2320	taskkill.exe
Token: SeDebugPrivilege	3592	taskkill.exe
Token: SeDebugPrivilege	4996	firefox.exe
Token: SeDebugPrivilege	4996	firefox.exe
Token: SeDebugPrivilege	4996	firefox.exe
Token: SeDebugPrivilege	4996	firefox.exe
Token: SeDebugPrivilege	4996	firefox.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3316	file.exe
3316	file.exe
3316	file.exe
3316	file.exe
3316	file.exe
3316	file.exe
3316	file.exe
3316	file.exe
3316	file.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
3316	file.exe
3316	file.exe
3316	file.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3316	file.exe
3316	file.exe
3316	file.exe
3316	file.exe
3316	file.exe
3316	file.exe
3316	file.exe
3316	file.exe
3316	file.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
4996	firefox.exe
3316	file.exe
3316	file.exe
3316	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4996	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3316 wrote to memory of 2080	3316	file.exe	83
PID 3316 wrote to memory of 2080	3316	file.exe	83
PID 3316 wrote to memory of 2080	3316	file.exe	83
PID 3316 wrote to memory of 5092	3316	file.exe	90
PID 3316 wrote to memory of 5092	3316	file.exe	90
PID 3316 wrote to memory of 5092	3316	file.exe	90
PID 3316 wrote to memory of 2740	3316	file.exe	92
PID 3316 wrote to memory of 2740	3316	file.exe	92
PID 3316 wrote to memory of 2740	3316	file.exe	92
PID 3316 wrote to memory of 2320	3316	file.exe	94
PID 3316 wrote to memory of 2320	3316	file.exe	94
PID 3316 wrote to memory of 2320	3316	file.exe	94
PID 3316 wrote to memory of 3592	3316	file.exe	96
PID 3316 wrote to memory of 3592	3316	file.exe	96
PID 3316 wrote to memory of 3592	3316	file.exe	96
PID 3316 wrote to memory of 820	3316	file.exe	98
PID 3316 wrote to memory of 820	3316	file.exe	98
PID 820 wrote to memory of 4996	820	firefox.exe	99
PID 820 wrote to memory of 4996	820	firefox.exe	99
PID 820 wrote to memory of 4996	820	firefox.exe	99
PID 820 wrote to memory of 4996	820	firefox.exe	99
PID 820 wrote to memory of 4996	820	firefox.exe	99
PID 820 wrote to memory of 4996	820	firefox.exe	99
PID 820 wrote to memory of 4996	820	firefox.exe	99
PID 820 wrote to memory of 4996	820	firefox.exe	99
PID 820 wrote to memory of 4996	820	firefox.exe	99
PID 820 wrote to memory of 4996	820	firefox.exe	99
PID 820 wrote to memory of 4996	820	firefox.exe	99
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100
PID 4996 wrote to memory of 3424	4996	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3316
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2080
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5092
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2740
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2320
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3592
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4996
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d671f3e-a163-491a-a317-d916e9c0f822} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" gpu
      4⤵
      PID:3424
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2432 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35952939-0c92-4bf1-8a17-b06a9af00066} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" socket
      4⤵
      PID:3212
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1376 -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 3004 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4f23747-282f-4b79-b087-8e0412326364} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" tab
      4⤵
      PID:1668
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4140 -childID 2 -isForBrowser -prefsHandle 4132 -prefMapHandle 4128 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8d3a505-783e-4193-bb8c-8b63f8162b77} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" tab
      4⤵
      PID:2184
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4904 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4860 -prefMapHandle 4864 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73da0c6d-7be9-4ea4-adb9-f5c60d932fa0} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" utility
      4⤵
      Checks processor information in registry
      PID:760
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 4872 -prefMapHandle 5360 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11586a04-ee13-4eac-a57f-c5c0b07e075b} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" tab
      4⤵
      PID:1964
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5584 -prefMapHandle 5580 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dec22335-bda7-4adf-99dd-36568cde1d0d} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" tab
      4⤵
      PID:1704
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 5 -isForBrowser -prefsHandle 5692 -prefMapHandle 5696 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f770af2e-94dc-475e-bd6d-81bf8a9f1a43} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" tab
      4⤵
      PID:3708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
3f9ba2378cb7ba3d1ebbddb0a522171f

SHA1
cdd41fdded00e916537e99cb81bbade1b45c2a54

SHA256
4452e9171f171d5197d58cca2112c829f8a6e5abc6170fcd62f165ae8bc1b0c6

SHA512
9ae676f4b45bbfd9ee8f523bf1e7105519d0e8de113db1804b63902f68352bfe8e4363156bf72da088a0e0378f2771b81ec10919d1c7c19f55deba766f2ac478

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
49a65e1aa55a37393e7d104111e9e5e1

SHA1
c810ec70c5a9cd8c2aa3b8fbff6cc5af13b9c2b5

SHA256
37d1419086248c1bb22046c974ad1577c9438e637e8ee73c4003f4ef5167a504

SHA512
3d8a1029aeca95edb2be93479a63417f26c66052788d729f7360ddf8d2f00e2c992aa5e5e22ef200ead960aaee9fcfe9c19048c50a96bf852369d1529454feda

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin

Filesize
8KB

MD5
ff472e9833b868e0711b038732f1f53e

SHA1
425cac0cd22540c917fa99f342dc8f27f77e5a54

SHA256
d328985765d060e1b777d4f5c5b99d474bf6248f0a8687cf24aba29f37d09f12

SHA512
29cb1f162c69b4e25ca7bdebf1b9a4040448552b9469162432fe69e6d3bf25a2e03a79a3b9b118ecd87e7df80989c6411cba99422c7e03e5a517139b84423e58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin

Filesize
12KB

MD5
0de6bd82876d3fe98f10f642b183f257

SHA1
3c98789a10a1bec9672f0938702c8ac1dd023b83

SHA256
79c9a501a80da3bf24d9198f40dbbbc9aa06229b32df2ba0843f74c0ef65dd13

SHA512
9e3b476d4d8fbd2d6e119450e853f16dcfe7e42f8843bbcb185a1c4763dcf1beb4a4b1e917344b64d207d09b2396aa72fc309be3cf4da7023f490aea200f5607

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
60fca10f8bb9fa65e4e4f3339dab3152

SHA1
3c2344d9552f4372381cd12dc01c5b65178c4b4a

SHA256
32d96a816ab58b32a9ec61e8f6533b09f035f5402f605cca1badf77232f71522

SHA512
b35e6c9bb72565fe8f341c5c29b898c553593a24e2c5c0fb09afc5a9aa191d1a07cf61ba51480e3b5086e08946bd26f19c35bf568f9ad2d18cd85ea278581067

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
e1c720d5840e87ecda03bec4f52d240c

SHA1
bf1ccdc6145d8f7bbd76eb77a88b3469d4dbb93c

SHA256
e581a503f70d117a7a27e7b8b7fe5b70f4de35fb93af5ed880c81aba984457b5

SHA512
9945eeb2f12246744231c34d2670e935389109cef6e34f128316bbcd86e3c200ac450543578a8ceca5b841055600629ac078d41a938234080d71066419b240fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\0cd3a4a1-2ad2-42e6-9a66-5e081209282d

Filesize
982B

MD5
b62f48b28eb324f9e540f4739b142493

SHA1
0cff4e50166f2c040a84fc49dcc3fbb7850798dc

SHA256
cc1a52d6a758a1c9a7e7dc2230fffe76655dc4a3b923365f918d7cbe0c23c4fa

SHA512
c0dd14015d479e8917dc4b3e93767be886f7403d529c31d393d2e029115cc0b251444d82c99f6e44cebbaedb7e1e8ed88bd5a7c9ff629fa85bd53f46ce702972

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\9b80a6a7-1820-4ac7-bc8c-793a3197b861

Filesize
26KB

MD5
fd591c97cf9b66c18e0c8f4893ffe95c

SHA1
1f5a7efc20d91bfe8912b2bdd886f5672b8b7abf

SHA256
bddf4d0c237912866fda876bdbb43d9647794d6094b9dff4ac3ff578543850ac

SHA512
d99c144b413e5b299dec9ed3c5f99c7ef73deed8b9db14ada6476c52a9e9f06f43f1a3d2e95601cfe2bc7192c5ce48c8a525ba2c6830c217782e4c0e4b3d2efe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\d4117b07-65b0-4233-9a43-51a6097ba7e4

Filesize
671B

MD5
548e6f8abaacaedf163d71cead01f9b7

SHA1
8f9279aad5e1c06693c6fc3ed5202cdb16313a7c

SHA256
413502b9888cf23b2ea730ab61ebb344e7f3d16eff75cafad7b740d7a7950130

SHA512
0e410478e03b33d19a2dc382162b82d28e406da246a4b3fa7d3888143c74195ef85e21d4e6c8dd7472b367738f5a6feed8ac57b1a63d3a3f4a85dbd3f87793fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js

Filesize
14KB

MD5
dd3c8898ad9721510fc0a4b89be70d29

SHA1
52a1fc4d444aecdf6c42113c19fd150655131eed

SHA256
24f090c371f2f2b22538103d6815441cb1d0d9606f3ad41802c4af1de702cffc

SHA512
3985c512f89ebf9710a2d3fc18d8c1547bf01ec8fdd620635410504e3a15716aed9457ed08afce2333866a4f4eff187f6b979706d3cc9d0c96cde748c3aac5eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js

Filesize
12KB

MD5
852bc6cf0a25689766ab0edfe9c98ac5

SHA1
1e3adcc304422dd097effb8f713f2d402496c820

SHA256
1af8b738b40e05ce5fbb09ee910dfebf81971b7bb4cf5f4901ba6dbd5780e650

SHA512
81e4bccf3ccc5a4d91ba1561006c4b79514586e8ca2321e187cac147c24f9dac3a2652660c77c2dec179b0c2b32687788fd3758d64fda4ce6f9ea8967916fc9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js

Filesize
10KB

MD5
f8caf20a7cffef80f235470e31d0354d

SHA1
9360dab1c285083ad4237ab2e7fc444cc53d9826

SHA256
506fb24e907ebcbf5f88595b6e562ff0a528352c0e255eae55df3ad036d3ac09

SHA512
167787c1dfa53d6792efa9e6cb856b2e1f7fc9c901631130a3ad90de5a055d256da8b0c9f7b4295b03b2ef0b95c18d40a2154dccf082dc6f049647b37f18f70e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js

Filesize
11KB

MD5
550990bca2b98398becd2a9b90c94561

SHA1
8b8d5e875e83776e058776d93934d4add9013eaa

SHA256
6610daf69f2e0db8dce5224500329e13166b088d3dec7b079fed2ef12292113b

SHA512
5044b814a541475f57f2d391bfa7ba377e4d84f4ad25a96d5ca217a8885b233d34ca438a3c85983738f7edb3191a532ee92d857eb94414072d1d94d9d7bcdfbb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js

Filesize
10KB

MD5
f4cf9d6b970c68483a3f4a031b66215b

SHA1
0ebf10dadb1485a74b4c236f94c1ff6057a35d73

SHA256
87f5f58a240d95e70d97497a74f8da5fe6bde2dc7b3e6f04cf0013b549411ee2

SHA512
bc9a5661603ff289e15e49d725339f91197a692045e8056629d4de234c9a1b20a263a52ec6ed3a9955531a623e4ef908ef54049979e280b9c3ca475435e4c599

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.4MB

MD5
09006e0107c835d8bf3946863091d4aa

SHA1
394c46a3fc68a61689b5464407a6c069fbbdce5e

SHA256
95d47d61ea386cb3624de43fe49c71b3e351bf0068a8ca9df175ff59ec7258f8

SHA512
98d629b7a7480e9b7186539309e32362347d77a3bba0d3e672d23d1940b63310ab84e9c48935fc7db7cdb49137677be3fa559819844028c73c183c050dd5dd6a

Download Submit