b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

900KB
MD5

9e9aac3c17da1438dd0ef6153530fbff
SHA1

c5d191ac45dc43ce2a71407897098240f172f3ca
SHA256

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127
SHA512

251666aa4c05468ccc6f6f0eec34a986c56b1c26d768c49019a6100a7c6c8fab70409acebd6d412daf689a619b234b103c4ab16a77760c0426dad3c549e51bd7
SSDEEP

24576:SqDEvCTbMWu7rQYlBQcBiT6rprG8aU1o:STvC/MTQYxsWR7aU1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
3536	taskkill.exe
2292	taskkill.exe
3460	taskkill.exe
3172	taskkill.exe
1184	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2844	file.exe
2844	file.exe
2844	file.exe
2844	file.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3172	taskkill.exe
Token: SeDebugPrivilege	1184	taskkill.exe
Token: SeDebugPrivilege	3536	taskkill.exe
Token: SeDebugPrivilege	2292	taskkill.exe
Token: SeDebugPrivilege	3460	taskkill.exe
Token: SeDebugPrivilege	3376	firefox.exe
Token: SeDebugPrivilege	3376	firefox.exe
Token: SeDebugPrivilege	3376	firefox.exe
Token: SeDebugPrivilege	3376	firefox.exe
Token: SeDebugPrivilege	3376	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
2844	file.exe
2844	file.exe
2844	file.exe
2844	file.exe
2844	file.exe
2844	file.exe
2844	file.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
2844	file.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
2844	file.exe
2844	file.exe
2844	file.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
2844	file.exe
2844	file.exe
2844	file.exe
2844	file.exe
2844	file.exe
2844	file.exe
2844	file.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
2844	file.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
3376	firefox.exe
2844	file.exe
2844	file.exe
2844	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3376	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 3172	2844	file.exe	83
PID 2844 wrote to memory of 3172	2844	file.exe	83
PID 2844 wrote to memory of 3172	2844	file.exe	83
PID 2844 wrote to memory of 1184	2844	file.exe	92
PID 2844 wrote to memory of 1184	2844	file.exe	92
PID 2844 wrote to memory of 1184	2844	file.exe	92
PID 2844 wrote to memory of 3536	2844	file.exe	95
PID 2844 wrote to memory of 3536	2844	file.exe	95
PID 2844 wrote to memory of 3536	2844	file.exe	95
PID 2844 wrote to memory of 2292	2844	file.exe	97
PID 2844 wrote to memory of 2292	2844	file.exe	97
PID 2844 wrote to memory of 2292	2844	file.exe	97
PID 2844 wrote to memory of 3460	2844	file.exe	99
PID 2844 wrote to memory of 3460	2844	file.exe	99
PID 2844 wrote to memory of 3460	2844	file.exe	99
PID 2844 wrote to memory of 3908	2844	file.exe	101
PID 2844 wrote to memory of 3908	2844	file.exe	101
PID 3908 wrote to memory of 3376	3908	firefox.exe	102
PID 3908 wrote to memory of 3376	3908	firefox.exe	102
PID 3908 wrote to memory of 3376	3908	firefox.exe	102
PID 3908 wrote to memory of 3376	3908	firefox.exe	102
PID 3908 wrote to memory of 3376	3908	firefox.exe	102
PID 3908 wrote to memory of 3376	3908	firefox.exe	102
PID 3908 wrote to memory of 3376	3908	firefox.exe	102
PID 3908 wrote to memory of 3376	3908	firefox.exe	102
PID 3908 wrote to memory of 3376	3908	firefox.exe	102
PID 3908 wrote to memory of 3376	3908	firefox.exe	102
PID 3908 wrote to memory of 3376	3908	firefox.exe	102
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105
PID 3376 wrote to memory of 3132	3376	firefox.exe	105

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3172
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1184
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3536
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2292
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3460
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3376
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1884 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b072d7d5-9b19-4a3e-8170-71252d24cfcc} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" gpu
      4⤵
      PID:3132
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2380 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e0ce9cf-d1ca-453e-958a-e6b425be6160} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" socket
      4⤵
      PID:5008
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3300 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cab5cec-4220-4f9b-ad61-61f2d126b8e2} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" tab
      4⤵
      PID:1604
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4208 -childID 2 -isForBrowser -prefsHandle 3888 -prefMapHandle 4016 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfea6671-2396-4216-a90a-35ca16856730} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" tab
      4⤵
      PID:1608
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4112 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4684 -prefMapHandle 4756 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c196aed3-ee96-4489-9920-2de22ecb74a3} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" utility
      4⤵
      Checks processor information in registry
      PID:5156
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5176 -childID 3 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1605d0dc-e57f-44d7-a261-4a23408418f7} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" tab
      4⤵
      PID:5568
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5324 -childID 4 -isForBrowser -prefsHandle 5136 -prefMapHandle 4916 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28961e69-7bca-4d74-a2bd-58fd86ec31e6} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" tab
      4⤵
      PID:5636
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 5 -isForBrowser -prefsHandle 5580 -prefMapHandle 5576 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81519ef9-47f4-4445-8e5b-b2fcf7210a5a} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" tab
      4⤵
      PID:5680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
d8d6001766b72fabd435416a4f3be8cb

SHA1
9db90bac69fcbdb65d85509f51040ac51a410cf0

SHA256
4b9705d269b5ec8dd18fcfcdb09595ca3fe0fc62c342e20b580802f091475b75

SHA512
a608003d4cbd8bf0f0a50000619623519eb2e89d2234fdc686663d21801211f878c2b39340c5fee36518cfbd5097bb61ea79581022c185db7a52e897bff8106b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
a986795eb1a0e39fc52a9098eb347748

SHA1
8206c134fcb09b062cbf9ae6165225e3680a045f

SHA256
205bef715b559224a7993ef9e0b1d53369921a0c05efda1abe051639eb4116cc

SHA512
36a407b20099114563d951d5be254c087068cb4b4b61548297d72cb6d9ed7aba667f4b9e03d62a41af4222b5e43cc34b67ce6a34db8460a210993bbc28cad084

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
6KB

MD5
ec741121e39cceb1151316a422f24f76

SHA1
77d821fb03c9c1a6680ee645ce1de967c5a2bd17

SHA256
4e4e9f7e3e05760111da9f065846cb61cf3f03a72471830d89b8ffcf790a22b7

SHA512
82f51d32422fcc87e0c01b4bdbf3edb5a0455853f36e4782831caf6dcd492c3bbd7a9887c9782df886983cc2ee40e5bdd28190902221126545dbe743fe4a8b18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
7KB

MD5
8d810a617c5f06a48e15ba836b6170ab

SHA1
db7271a3092165952c24da64eb0d5171cd23c445

SHA256
ab24c6bf00df44823ff8f913a7539ccb5d022c2e822a016ba8818f346ae14e2e

SHA512
0a4d42b8f3921cacdca73fdaadaf7a18958568670d7b1abd00f2a9ba1667ab34f3aa4468afb87ae4d13da48d3a44e6d1c03b9b8b777a90494fb1f411b4eec4ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
18KB

MD5
98b3e01a7845c4af3a5cb630dd691722

SHA1
b69c43717bc7e5c031f98994dab6ddaf404084a6

SHA256
d8734f37b8202d345f25e9b823bdacf3310a52b539c5d5cff9b7b85565c0960f

SHA512
3bbc7df4393dae807353af300a98de1e0df825a2915e764dfb00829d043842989f53dfca9a9f5df380c777150e4547938089a103228dd03f196eb5702493493d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
11KB

MD5
8fde1920d4777240bf18bd522dd0949f

SHA1
c5f6a37e82ab5fee5cdbabbc790aa42f0beff301

SHA256
f0f429e96efdbe35db891123780e3ed4735cda98be01dad19859c01db4b855a3

SHA512
6c761ec4fd09e99407432dc1a9c595136ef4b38a87dc9ed731c9e60920e356c385a42cc70622ee15134b2fefce994c6300d4c12c59fc8aeecd98818268acedc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0dd883bc29d7a9e68c77147c3b075c1f

SHA1
0c647a0285ccf9d5e85595fcd3f581f4b2adb1c4

SHA256
b24bca91b922345ebe9af0c90038754c9a439f7b52af2ba48da2f573f22a4f16

SHA512
0de35982e6ea310c6376fb1a0d46240321f549001a24ed347e2ffa64df39d919cbe482036f95c12960bb7cb60555b5c2513ade87153b4a9e8442f5248a88bcb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
384f4b7a8b80d43e55ffbee32ca20a24

SHA1
57054c596b7d499c7f48fda0f0265915c3099d1a

SHA256
1ebe3811b3a8609763af8e0becd26b113bee73781c1f1df488fd0a610e5dbf06

SHA512
2c1d06aa6a414d530459ec17a86c1c774d32a33ea38c4fafad946ab41bf426b4debdba73a00946a55e8f4724d9463a278afb26f4cd630aac8d19e0034b549810

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
361ced22a1efa0e4768e363f30851d4b

SHA1
bbdbabf8f845c709d64c0d444778f663794660b8

SHA256
83a3da4468d02552673026d9c5dce4fd5a9c52ca2dd5acca7d9249df6d8cfd90

SHA512
9fec169e0f6d1d56e981042acc5f9fcdd51afba88a76e987f57fe27a89c92f5c86472a3e0fc6126f5382e44a8c09402da9f2d9e1e25fe5f64ed0552b1020d773

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\8182a9d2-44ab-49fc-91fb-25016b19b45f

Filesize
982B

MD5
d60e77f1109ca0c8e618a5df3e45029c

SHA1
5242dc67ef92b398e7c75d3af0f3faf002dfa069

SHA256
b7d11afaa05fb5be87050eee6274e1f7ed743775690310bd9d195a88baa446cb

SHA512
97ae5b27f2028ef873f44e130d19222a2f3cb5917b72fbfb72a1fe9ddda181fdfabf74669d26f4c2a23d1111f9417a41b36d3532bce5936a92946312318f5735

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\8f55132b-92d5-4c2c-bc25-dfd865b870fc

Filesize
26KB

MD5
e9fa95a07ff20c002a0251b6f31b777b

SHA1
6ae8ed036e412fa880b8a70d177c769f33bb83be

SHA256
022d02308d475b1edfbe5703e0a23cda58f93e19876cd4b7b86c88df02004e4d

SHA512
42650be75d27b0ba5023f9a508d273053a460b2983b399a24469c79315fb1bad8c93470fa16c18fd8bf7af174a590ee8f6a87103d70608b61c2cda790d09ced7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\f5db545f-2811-4c22-86db-356af1d27af8

Filesize
671B

MD5
7ce1829083c606ab7fbf9ce50c18ee00

SHA1
c369878d8da0883913187776d0292dae68359cb4

SHA256
2e033fda320ffb9dce1faabc983763829d565b0ce282f5a51d0ae23eb412caa0

SHA512
1dd9db8a3d65b37046ca7c76a6b2a6eaed05df082999ebae860657df3d26a6b5a19593d9823f953701f9cd80c44e9ba99a7b991d18cecf942d9cf74321337019

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
10KB

MD5
010fda6eb23be95d48e00f2fbd04e1ed

SHA1
eec8d57c9a4d297a121f1f27572d795fc2cee957

SHA256
ad5e42aa032e44ded4404fafdaf3a6c3aca3b3dec10c2ae4fd7cca1a1f1e25b8

SHA512
c37589ad551a048646b634d09922688a00b4e6828510c6bd527d18374a543a68a061e608c070231d221f822c239322387d2f46f39de2bdaac9e24098fa9cf5e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
11KB

MD5
9e919f1bc9cec173491a55231bd06888

SHA1
8d07f561c2b2b02b2d1d37f6259b21871f7de99c

SHA256
62e2ffefd1dbfdbeb6ba6b1d89faabbd72e7084c3b1e440fa301a5ee7e0a08c7

SHA512
f64afca8f1b0e23f9f165081b35c9a2f3bd526fb9878659015c7296035732d8302adfdaa1e1528d93c335105f7f0aae7d94b5dd4ef96de3995c1c5fcb2167714

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
15KB

MD5
fd9d567e4a08e9df475671ce8487bfb5

SHA1
b9ad5c7122919cf1f47da494cf843beb4b8e1061

SHA256
787bb0742e39f86ec21a20739a4712e650e82c74470d1227d0f08203c8952f23

SHA512
58885d5456e26787bf1d4a2ec1fa8e2c6699345b7728c41141b8171a22d917e41d80278d477f50674ea503c783e4bcccfd8c784c8f76b6313a265603cd0701e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
11KB

MD5
cb15bda23f8b5709cba4afa30b01bcca

SHA1
aec29eae952027a45987ceb54dcf3f56f5157570

SHA256
cfa7365f934842014f0d5df1607f57d97ab433ec58cba747e46ac420d2584d3a

SHA512
1f35e753cb098417a23066e825cdd9c93874ffc0e29e8edbcbe81f297be12f288616d4c782931a2bc035e1233a8a3a02e6bf6264a31af82830238a25c8f5dd35

Download Submit