8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71

Analysis

max time kernel
125s
max time network
157s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
Size

900KB
MD5

36364e1efc498b513634acce3a1fb7c2
SHA1

f94abbfaf80f939431b7f231fcaafbe173ee28a1
SHA256

8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71
SHA512

7788d4f298537d868728080c6157f95fd7a659fe6bf10bb05b04514bf2fed9a0c9c24fbca708dcafca7361e49779c45eb65a132adb1ea768b0568648e5e207dc
SSDEEP

24576:7qDEvCTbMWu7rQYlBQcBiT6rprG8aFmE4:7TvC/MTQYxsWR7aFs

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2608	taskkill.exe
2704	taskkill.exe
2980	taskkill.exe
2552	taskkill.exe
2772	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2980	taskkill.exe
Token: SeDebugPrivilege	2552	taskkill.exe
Token: SeDebugPrivilege	2772	taskkill.exe
Token: SeDebugPrivilege	2608	taskkill.exe
Token: SeDebugPrivilege	2704	taskkill.exe
Token: SeDebugPrivilege	792	firefox.exe
Token: SeDebugPrivilege	792	firefox.exe

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2980	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	30
PID 2756 wrote to memory of 2980	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	30
PID 2756 wrote to memory of 2980	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	30
PID 2756 wrote to memory of 2980	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	30
PID 2756 wrote to memory of 2552	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	33
PID 2756 wrote to memory of 2552	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	33
PID 2756 wrote to memory of 2552	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	33
PID 2756 wrote to memory of 2552	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	33
PID 2756 wrote to memory of 2772	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	35
PID 2756 wrote to memory of 2772	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	35
PID 2756 wrote to memory of 2772	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	35
PID 2756 wrote to memory of 2772	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	35
PID 2756 wrote to memory of 2608	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	37
PID 2756 wrote to memory of 2608	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	37
PID 2756 wrote to memory of 2608	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	37
PID 2756 wrote to memory of 2608	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	37
PID 2756 wrote to memory of 2704	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	39
PID 2756 wrote to memory of 2704	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	39
PID 2756 wrote to memory of 2704	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	39
PID 2756 wrote to memory of 2704	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	39
PID 2756 wrote to memory of 332	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	41
PID 2756 wrote to memory of 332	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	41
PID 2756 wrote to memory of 332	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	41
PID 2756 wrote to memory of 332	2756	8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe	41
PID 332 wrote to memory of 792	332	firefox.exe	42
PID 332 wrote to memory of 792	332	firefox.exe	42
PID 332 wrote to memory of 792	332	firefox.exe	42
PID 332 wrote to memory of 792	332	firefox.exe	42
PID 332 wrote to memory of 792	332	firefox.exe	42
PID 332 wrote to memory of 792	332	firefox.exe	42
PID 332 wrote to memory of 792	332	firefox.exe	42
PID 332 wrote to memory of 792	332	firefox.exe	42
PID 332 wrote to memory of 792	332	firefox.exe	42
PID 332 wrote to memory of 792	332	firefox.exe	42
PID 332 wrote to memory of 792	332	firefox.exe	42
PID 332 wrote to memory of 792	332	firefox.exe	42
PID 792 wrote to memory of 1756	792	firefox.exe	43
PID 792 wrote to memory of 1756	792	firefox.exe	43
PID 792 wrote to memory of 1756	792	firefox.exe	43
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44
PID 792 wrote to memory of 1580	792	firefox.exe	44

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe
"C:\Users\Admin\AppData\Local\Temp\8ecd028ed29e5ea1f570045ad6909c3b18b4a6e722f5285bb5e6f918ee54da71.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2980
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2552
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2772
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2608
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2704
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:792
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="792.0.754135671\622820004" -parentBuildID 20221007134813 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03c46358-77a4-4a3e-b99f-52d89adbf723} 792 "\\.\pipe\gecko-crash-server-pipe.792" 1276 111d8e58 gpu
      4⤵
      PID:1756
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="792.1.1769532172\84070341" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1476 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45aa63a3-3ceb-481b-8847-2eeef86f9116} 792 "\\.\pipe\gecko-crash-server-pipe.792" 1492 d74558 socket
      4⤵
      PID:1580
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="792.2.1910793243\1086911491" -childID 1 -isForBrowser -prefsHandle 2084 -prefMapHandle 2080 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa9868b4-8678-422b-8374-e691682607f2} 792 "\\.\pipe\gecko-crash-server-pipe.792" 2096 d65b58 tab
      4⤵
      PID:1736
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="792.3.2093483854\796211956" -childID 2 -isForBrowser -prefsHandle 2744 -prefMapHandle 2740 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec4f1aea-a468-41f4-a5dd-f2ce1e436d39} 792 "\\.\pipe\gecko-crash-server-pipe.792" 2756 1b57ec58 tab
      4⤵
      PID:468
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="792.4.24649067\2022227988" -childID 3 -isForBrowser -prefsHandle 3704 -prefMapHandle 3700 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2399e680-5a94-44ac-8287-a34c96327c37} 792 "\\.\pipe\gecko-crash-server-pipe.792" 3692 21020458 tab
      4⤵
      PID:1532
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="792.5.2077727812\1392761073" -childID 4 -isForBrowser -prefsHandle 3836 -prefMapHandle 3840 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ca0b9e0-baab-49d1-971a-3b391da8fad4} 792 "\\.\pipe\gecko-crash-server-pipe.792" 3824 111dac58 tab
      4⤵
      PID:2656
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="792.6.404064409\1986791243" -childID 5 -isForBrowser -prefsHandle 4020 -prefMapHandle 4024 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91fea856-99a5-4289-81b3-d62a43c3533d} 792 "\\.\pipe\gecko-crash-server-pipe.792" 4008 21021958 tab
      4⤵
      PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
08d5123e67971b8af789fa1fa0929bda

SHA1
f9fbe742b6b295d514f762ba50c89a311ed9e93c

SHA256
e6de82ba16dca8b63ad8fdef0f0dbf7ef61c811f9212a56f4d50799edf504ffd

SHA512
76e4cb016ea12374b4112f9253336773eef9f2c96365afc64a7e7e5fc2a7112508c131d5f044c9d0eaf3bf2e0fd30f78863c7d200f4f154fa58fb7ad1c951fc1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
13KB

MD5
f99b4984bd93547ff4ab09d35b9ed6d5

SHA1
73bf4d313cb094bb6ead04460da9547106794007

SHA256
402571262fd1f6dca336f822ceb0ec2a368a25dfe2f4bfa13b45c983e88b6069

SHA512
cd0ed84a24d3faae94290aca1b5ef65eef4cfba8a983da9f88ee3268fc611484a72bd44ca0947c0ca8de174619debae4604e15e4b2c364e636424ba1d37e1759

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
f2e104092a1eaf4c80055c40cf1cc257

SHA1
a249c2d45d96443c09b7505dff916af59ea8ae70

SHA256
507ed86fc28be4708d411c19d2770ca21ae63dc3da23680ad998268a7fae857c

SHA512
bd632d03172487bbbe793c8773706c2716290f4192163d7a14ac0900dd4185af4af426d315c93b239a9c27beeb2a1ebfa78c25e482995a9233fb6a062ed85569

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\datareporting\glean\pending_pings\7e9515d0-5159-4769-9b98-40f890e0befc

Filesize
745B

MD5
754abfc2c89ee3a3df1ecbc67a6eb433

SHA1
e68a1fc3920739f7333b7ec8606a01f6d8580c06

SHA256
b8e349405a4b3d2f27099acb7517631ead7621dc66070f441d50e82d22b8f08b

SHA512
55475e1194396d3d1d83cdd21076fa7fe0a2fd2ccb96e4d625f896abe862abd3bf6795a5aea16ba655295162c4e7e5e9d26c86bdb8f5cd3e16afb413e989d234

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\datareporting\glean\pending_pings\c8701fc3-41d4-4086-a8ed-f8d817def4d7

Filesize
11KB

MD5
2f10a4a0ded3b199d0c1f6b9c288ad53

SHA1
dd80eb4ba012c582e41db8909450d769c180de9d

SHA256
cd4a1de8b034b684ba0fe8a0a9664639686c8b810b79d9af72e735e22ec2ee84

SHA512
2e14858eb5913a89e92c6d0aaa48ab93667f4e7bb47418d5ad28e907b22d75012fdc3653324f0f5e9979112f2c13e3f21ca23b5c4366de13a16d044fe23e4dc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\prefs-1.js

Filesize
6KB

MD5
8c7bc2d1bc8325a4fea5b4e4f139fa1e

SHA1
642d7e7e8dd2d5a3a6b3f07f329bc872e978d256

SHA256
93f21653ad5d43ba1f46463ff904bb9e7855194920dfffa2ecc5065780cfab2a

SHA512
3f095625b7c1f90b2af53d4aeb42d7c62b54296458dd9c6edbc4477b1ac4cae2cbdff0863f0c2e9edc2a3e3a8156db6f474017d84f58e765213f1e4b15150746

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\prefs-1.js

Filesize
7KB

MD5
25f38c0ab20a525d0f4d022470c7d324

SHA1
82639d76133d0dd3bf625f180ca7a6947905cae8

SHA256
a1501eff66618e0a6fac54b8e5079bb4c06297cf89d19c8cd639e766e6aa244a

SHA512
9fdcb4e0930730cba5a4cf4c941a4b74b24a3a810b4db28361db7a04b485fd18da512c671bc122ce7a0d7a33893a57a2ce787c0245ce1c2c89c9df3349302eeb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\prefs-1.js

Filesize
6KB

MD5
69df7412def15f5a3c7eefbf6837e404

SHA1
25b4250c10e9b45b2c1b1ad0bd6dea630e2d7b71

SHA256
a9ec28dc9442f0b01d46a835cfbc612a115acd9961c15f224b0a3003e12b6d0a

SHA512
90e843ef314490cbf3b734a634c7d4d2c03d929b6f32b29a3b9da3871d21c3d4887e1a4becdca1e0620abbed9752a3394e81792e1f9ae3eb3b3aea07123da6f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\prefs.js

Filesize
6KB

MD5
eba8270a57ce1f05633dea8a523f2c0a

SHA1
ec9bad8d676e240ad34d798c48b532f7262c7036

SHA256
6d2ade14b064670039a98d689df526f14626d4e6481c4b176fb00961da560c2e

SHA512
663e73b998bbf9e2a47cbed8418d680b37d4cdadd56a921cfbbf313bdfc1ad08e303c67f082812597e81a7d9e3c2fb38fed784f1f88927432dda12d8db6134cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
526622217543cd560a726fd497f68201

SHA1
81ce4f0830b279082608734df545371761c2dd48

SHA256
0da16f955f139742125a49e11821739e8bf93f34545031f1a20f117bbc3097e6

SHA512
7714a3dfc669a503f4abdb6e1478e076c80370cbf3e92dff4a12da685b7cbcb0f83152eb4ece903740081ca817bdb38a89ba3d61f0920973c2c95d5833b73ed6

Download Submit