960b3f024f7045d23c28149e4e935ee2bbc0aded4ae09a86f24928080e00caab

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

900KB
MD5

a659242a2961656ffef9f7a58e4901c1
SHA1

f00e59994ad40eeac38e4f26535a259c0d48ae2b
SHA256

960b3f024f7045d23c28149e4e935ee2bbc0aded4ae09a86f24928080e00caab
SHA512

3464a9248c45d12a38c288ae297c86e706ff57d1bd3aa1d37c5f5f91557ef785f51d8e118191b7f1cc05f31b8f20b238bd1911874c34533d463ba707b4beefba
SSDEEP

12288:VqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaQTT:VqDEvCTbMWu7rQYlBQcBiT6rprG8aoT

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2580	taskkill.exe
4072	taskkill.exe
3016	taskkill.exe
2016	taskkill.exe
4976	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
552	file.exe
552	file.exe
552	file.exe
552	file.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2580	taskkill.exe
Token: SeDebugPrivilege	4072	taskkill.exe
Token: SeDebugPrivilege	3016	taskkill.exe
Token: SeDebugPrivilege	2016	taskkill.exe
Token: SeDebugPrivilege	4976	taskkill.exe
Token: SeDebugPrivilege	440	firefox.exe
Token: SeDebugPrivilege	440	firefox.exe
Token: SeDebugPrivilege	440	firefox.exe
Token: SeDebugPrivilege	440	firefox.exe
Token: SeDebugPrivilege	440	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
552	file.exe
552	file.exe
552	file.exe
552	file.exe
552	file.exe
552	file.exe
552	file.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
552	file.exe
552	file.exe
552	file.exe
552	file.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
552	file.exe
552	file.exe
552	file.exe
552	file.exe
552	file.exe
552	file.exe
552	file.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
552	file.exe
552	file.exe
552	file.exe
552	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
440	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 2580	552	file.exe	83
PID 552 wrote to memory of 2580	552	file.exe	83
PID 552 wrote to memory of 2580	552	file.exe	83
PID 552 wrote to memory of 4072	552	file.exe	91
PID 552 wrote to memory of 4072	552	file.exe	91
PID 552 wrote to memory of 4072	552	file.exe	91
PID 552 wrote to memory of 3016	552	file.exe	93
PID 552 wrote to memory of 3016	552	file.exe	93
PID 552 wrote to memory of 3016	552	file.exe	93
PID 552 wrote to memory of 2016	552	file.exe	95
PID 552 wrote to memory of 2016	552	file.exe	95
PID 552 wrote to memory of 2016	552	file.exe	95
PID 552 wrote to memory of 4976	552	file.exe	97
PID 552 wrote to memory of 4976	552	file.exe	97
PID 552 wrote to memory of 4976	552	file.exe	97
PID 552 wrote to memory of 4300	552	file.exe	101
PID 552 wrote to memory of 4300	552	file.exe	101
PID 4300 wrote to memory of 440	4300	firefox.exe	102
PID 4300 wrote to memory of 440	4300	firefox.exe	102
PID 4300 wrote to memory of 440	4300	firefox.exe	102
PID 4300 wrote to memory of 440	4300	firefox.exe	102
PID 4300 wrote to memory of 440	4300	firefox.exe	102
PID 4300 wrote to memory of 440	4300	firefox.exe	102
PID 4300 wrote to memory of 440	4300	firefox.exe	102
PID 4300 wrote to memory of 440	4300	firefox.exe	102
PID 4300 wrote to memory of 440	4300	firefox.exe	102
PID 4300 wrote to memory of 440	4300	firefox.exe	102
PID 4300 wrote to memory of 440	4300	firefox.exe	102
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103
PID 440 wrote to memory of 4160	440	firefox.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:552
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2580
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4072
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3016
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2016
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4976
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:440
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f79809dc-365e-4a76-9d59-703cec3bdb77} 440 "\\.\pipe\gecko-crash-server-pipe.440" gpu
      4⤵
      PID:4160
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2456 -parentBuildID 20240401114208 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27c2fc1e-93ea-4597-876c-b26f7a5bd5a6} 440 "\\.\pipe\gecko-crash-server-pipe.440" socket
      4⤵
      PID:2708
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1604 -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3028 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8a26569-adfc-42d2-bf26-6523ff5f3967} 440 "\\.\pipe\gecko-crash-server-pipe.440" tab
      4⤵
      PID:464
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4020 -childID 2 -isForBrowser -prefsHandle 4012 -prefMapHandle 4008 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77b30568-e05d-452c-8d4e-d14e283b48db} 440 "\\.\pipe\gecko-crash-server-pipe.440" tab
      4⤵
      PID:5060
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4908 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4592 -prefMapHandle 4900 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4372111d-eee7-4cf4-8bd2-f2206d2d5fb2} 440 "\\.\pipe\gecko-crash-server-pipe.440" utility
      4⤵
      Checks processor information in registry
      PID:3908
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5692 -childID 3 -isForBrowser -prefsHandle 5672 -prefMapHandle 5676 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ab77a8-a1c4-4e56-84ad-3190b63e4747} 440 "\\.\pipe\gecko-crash-server-pipe.440" tab
      4⤵
      PID:3952
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 4 -isForBrowser -prefsHandle 5536 -prefMapHandle 5656 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d91ca18c-97d4-46a0-93c8-48bb7e44c95c} 440 "\\.\pipe\gecko-crash-server-pipe.440" tab
      4⤵
      PID:4336
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5836 -childID 5 -isForBrowser -prefsHandle 5912 -prefMapHandle 5908 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1945b42-7429-4f6c-97e8-9746becd7011} 440 "\\.\pipe\gecko-crash-server-pipe.440" tab
      4⤵
      PID:4704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
4cc5818b38e0070e74f7ebaf68fae6e4

SHA1
613b7158bd42199a402975914eade60dfc531211

SHA256
e2186c9e0cb82cb42e79042f4f454314a2fca117dbcb76431f8fd2e7605dafe0

SHA512
86d5ed92a064647326539c3fc2fc720f0d1f5fd672cee2141b462d6ce40c24bbdda1d73726148a3be01fc19953900f902c2f036e8510043520e6240362977708

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
cad9445bbd41d81e02c7d0ac66bc3700

SHA1
1220a68d7ee1ad6806a420ad9b5ec8ef96582e83

SHA256
265399a08abc4a058e4575fcfa7863e426bcfa64a8ca397f7c47d8e75362e328

SHA512
11de3432c1db5674fa6a7f0f910c82c0d74e8976d5eb30570a37c2b4f6abeb5c8d58084b5ebfa9a75c83e7855ad96fde834bb368185786c4e75aef718e06ea13

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

Filesize
8KB

MD5
fa6ff448d1fd15c5734cf71f6886bfb6

SHA1
59a658412d59609b3725597b731b5db4984c5e57

SHA256
78e17cfba5172b24869496cd24ff17dcdc372539a1891c81c2fa75b8b155e09a

SHA512
2ac077ebeda4c8943375a90a0e5ec56f295166228597e8340caaf6d33c8f2035c51e79c3b9bb74b28b13cc050fa0009159fcd3f09de043a5870d33172137eb82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

Filesize
18KB

MD5
aa37c044804c4195798b1c7d46d7ef45

SHA1
f92d4bff7a9f1e1767f4a02cd684f2836e091bb3

SHA256
ac1ed48436a0087ab0898337cfb6480f127c3befa637166738dbca05523f6694

SHA512
a46f8a04e167d7bfa3b25ddaa73359fc42a84de7b5aeea938d0c3db59f6d30527cb7890d99227e45676dc3acd862ff2c23af2ba7398751c59f8a772343c83079

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
c6f9fd1869afa8b7576f80f867726075

SHA1
cde983066d83f9126c50fab6c43b40b9bdc94fc2

SHA256
32ff69b5eae64cf24ee3cff9fed9da6b3f2d84d73b72e2e65458428fd5936952

SHA512
b9e0cd3f0fe6361bf401031e539daed52dd2874625b2f3acaf6e346ce815f889ba479521efc4b2943c34d29ec7d8f702d871e85b0cfc54bc21b626943cb93171

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
4fb831363df99b61601a147525f030a7

SHA1
a92f8e1a6067a2307084c2f126898d31b3e2354e

SHA256
8892ca6dd3235494e1652e8e4d0cdea11297f2ec7af4419e761ee0e66e5685e8

SHA512
aadc8324ff42520f30667dc38a33821ecdb425662653bcc2474211d526d15329f9c076a875338641313853692ad512ae14d80ad76913ed4dd2e58f07c165d117

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
e06a4f52cb5fb55f188f9c87bccc3b49

SHA1
8184ad11337e2a8f4cc6fcd77c3c545e3ce39e9c

SHA256
b02c4767302a7c1525d5f6c834be789c3e1fb25f3bad91f53b3a51d60c07d5ad

SHA512
55d6f73c08880666cb9b21550b4ce759091c1f357903555d08bc63eefcab35777ace4af067ba153e759154722819405433de79f930c777cdefa9cd790ab4e357

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
d3572fac60c6621cd64d112af2285e8d

SHA1
f15146311b48ab5e7f345302609352e7e8d69b34

SHA256
20633d14fd459a17073f94fc0df10f97bb83fe119797de8a11f35e0068a3969d

SHA512
5ececc394316b0a48f75bbebf93f79a41afcda27d32f71e994decbbc5c95a8d24f96435d6c578d385b3730687949581eb2b05dd6aa5bf954da0910e98b2cb9e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
e0b5c35004bea815e3a6c72be4b2aac5

SHA1
fbbf0cec74d1368ae612492c2663b00faa68caf5

SHA256
335e2ec53cad2aa79e3d596b541158096b4de791e028d71a40de26e0dd0a3d75

SHA512
c0add0870a146ebf6c6b6cce68672591c31b12e0d5e8039bc07c1b7b306109156c9112c1921eb8ae1060b6b036a01215c09e00f078f562e89c41472b2cee9fb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\67ecf421-1c03-4c61-9816-6d3be4cd9f10

Filesize
659B

MD5
469999c14d30dd73a909130ed7cf2784

SHA1
06e177e90de487341ac3305e6a5615f9f998a78d

SHA256
238938a0b755c8615ffb0015e3dd096ceb112353688105f0e9ef58e60fede51e

SHA512
4fc14369f993a2d01302a6ed03526276dacc0f03c4adede69646174b6a69b0cbfc48c7f937889f97b42a4de5aa2f03584de7db16138feb382b1664caa0ce6d6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\e732ae95-df9d-4829-a82c-63fa82376e7e

Filesize
982B

MD5
65fe975a2bdc406aed0dfcbf2dbd10a6

SHA1
8ed73cef26a18aa061a83d437bb24981126f80e5

SHA256
64b4a0ee228890437de36c35e22d8d9aa885563cfd4ba16bb509fc37cac4403d

SHA512
807e1bd35f48b19aab79e73ef3c4a2cc17b9943002e116461d7f68ced6f3313518dcd3deb10874b9172fb5785f3fe6f6ac5c1d6060a0dd84be915c4977350bd2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js

Filesize
12KB

MD5
7c1a8a63e6afff3751dd1ddba310f027

SHA1
f8136c2e9ecd0149e81ef45a772a77ab60128c7f

SHA256
07856b7a5ac780c2ab8085926b79583eb7f5b04c1c3aa56ddcfe8e9dc6513416

SHA512
7a30b0407ee94c1800963d9a9232ab1d2b02f37f066a33b9e7b3458f54e9f753ecbdf1ec6a443b3d08b34e7d67099254714882c43a6c5dc5d2a46bc6be25a622

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js

Filesize
15KB

MD5
6681556b85279841d4182d98de36d168

SHA1
c8e0cb111b61a8d72769eb7357a15b4ed2b64768

SHA256
dbb6d5c3c166c5b80e364b4b709e79af2451c83d0c6c099b60a533e2dc0ffc9c

SHA512
1ebd8e8a9e03b4e5cf1a8a132e6f8c906a87316125af9c8bc357ea985709ba7fc9591b4da24c38a7b7a1e1809532c7cbd7ebe20a6b13b5c6a7572eb1be19b5f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
10KB

MD5
a4b6c8e652b5d09735907c7ca2d88f74

SHA1
065531fe1233d78cd9d62b0fca578b5b3ae5e3e9

SHA256
83c71405c685e84e55bd3e5de1b4220c4f9925dd5d51affe9de9c3f0371a637d

SHA512
89917d0a4ccf07df514fce34101782433c79dd9995ce3683b4442d42f48c0d9f5cff8043ec1fe422038706e5027529b01387189cf9a91f97d63157fda5f6d8a3

Download Submit