ad2309009df6b28cd5245b8c131f998dd9a77deb038353972b5cc11fbf1a3965

Analysis

max time kernel
127s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 05:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

900KB
MD5

a929662e180667831fdb25e5fe1f060f
SHA1

e7bfbe245f339a350a86833d37da596bb2c0796b
SHA256

ad2309009df6b28cd5245b8c131f998dd9a77deb038353972b5cc11fbf1a3965
SHA512

011292ee0f4dfaf9d544a5a1a8dc4256158f172a66a2e8276c0f12029185aba38603829a91e3cec2b3d24f6b34cda8772a55553ebd4f7e0a17c33c88e16edb86
SSDEEP

12288:CqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgamTm:CqDEvCTbMWu7rQYlBQcBiT6rprG8a+m

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2480	taskkill.exe
3356	taskkill.exe
4076	taskkill.exe
4892	taskkill.exe
3656	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4328	file.exe
4328	file.exe
4328	file.exe
4328	file.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3656	taskkill.exe
Token: SeDebugPrivilege	2480	taskkill.exe
Token: SeDebugPrivilege	3356	taskkill.exe
Token: SeDebugPrivilege	4076	taskkill.exe
Token: SeDebugPrivilege	4892	taskkill.exe
Token: SeDebugPrivilege	2332	firefox.exe
Token: SeDebugPrivilege	2332	firefox.exe
Token: SeDebugPrivilege	2332	firefox.exe
Token: SeDebugPrivilege	2332	firefox.exe
Token: SeDebugPrivilege	2332	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4328	file.exe
4328	file.exe
4328	file.exe
4328	file.exe
4328	file.exe
4328	file.exe
4328	file.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
4328	file.exe
4328	file.exe
4328	file.exe
4328	file.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
4328	file.exe
4328	file.exe
4328	file.exe
4328	file.exe
4328	file.exe
4328	file.exe
4328	file.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
4328	file.exe
4328	file.exe
4328	file.exe
4328	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2332	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 3656	4328	file.exe	83
PID 4328 wrote to memory of 3656	4328	file.exe	83
PID 4328 wrote to memory of 3656	4328	file.exe	83
PID 4328 wrote to memory of 2480	4328	file.exe	89
PID 4328 wrote to memory of 2480	4328	file.exe	89
PID 4328 wrote to memory of 2480	4328	file.exe	89
PID 4328 wrote to memory of 3356	4328	file.exe	91
PID 4328 wrote to memory of 3356	4328	file.exe	91
PID 4328 wrote to memory of 3356	4328	file.exe	91
PID 4328 wrote to memory of 4076	4328	file.exe	93
PID 4328 wrote to memory of 4076	4328	file.exe	93
PID 4328 wrote to memory of 4076	4328	file.exe	93
PID 4328 wrote to memory of 4892	4328	file.exe	95
PID 4328 wrote to memory of 4892	4328	file.exe	95
PID 4328 wrote to memory of 4892	4328	file.exe	95
PID 4328 wrote to memory of 2776	4328	file.exe	99
PID 4328 wrote to memory of 2776	4328	file.exe	99
PID 2776 wrote to memory of 2332	2776	firefox.exe	100
PID 2776 wrote to memory of 2332	2776	firefox.exe	100
PID 2776 wrote to memory of 2332	2776	firefox.exe	100
PID 2776 wrote to memory of 2332	2776	firefox.exe	100
PID 2776 wrote to memory of 2332	2776	firefox.exe	100
PID 2776 wrote to memory of 2332	2776	firefox.exe	100
PID 2776 wrote to memory of 2332	2776	firefox.exe	100
PID 2776 wrote to memory of 2332	2776	firefox.exe	100
PID 2776 wrote to memory of 2332	2776	firefox.exe	100
PID 2776 wrote to memory of 2332	2776	firefox.exe	100
PID 2776 wrote to memory of 2332	2776	firefox.exe	100
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101
PID 2332 wrote to memory of 5064	2332	firefox.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3656
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2480
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3356
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4076
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4892
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2332
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2c726a0-d7d6-4f5c-b20c-321a19fc1e0b} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" gpu
      4⤵
      PID:5064
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b07a288-de89-4ea0-9994-b408e05b0e03} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" socket
      4⤵
      PID:1596
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3232 -childID 1 -isForBrowser -prefsHandle 2868 -prefMapHandle 2744 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8c7da05-0d2e-42dd-b7cc-d53b5fd878aa} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
      4⤵
      PID:4632
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3936 -childID 2 -isForBrowser -prefsHandle 3860 -prefMapHandle 3844 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f4a09bc-221d-4ed7-b492-ee374cb1a2c7} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
      4⤵
      PID:2832
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4548 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4512 -prefMapHandle 4508 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b6d9679-6d3d-494a-85c0-b9bb79b98123} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" utility
      4⤵
      Checks processor information in registry
      PID:5160
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5312 -prefMapHandle 5300 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9802b77b-db43-426f-a5b7-06a41ce13ff4} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
      4⤵
      PID:5800
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 4 -isForBrowser -prefsHandle 5472 -prefMapHandle 5476 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dae6fb9-d1ca-4fbd-9f08-ceae257b118b} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
      4⤵
      PID:5812
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 5 -isForBrowser -prefsHandle 5764 -prefMapHandle 5760 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {487f1850-1145-4b44-b8bd-b89a29eafddd} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
      4⤵
      PID:5828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
4034b770318ddc0a6a758a6fc30750b9

SHA1
e74c6ac7249a8c9940f978b23a77a2fc1a68902f

SHA256
24431035794b7bdb6fe6224b4f286d726d0d7c0fe27cf1a73c56c3afd2d33d59

SHA512
707e4e0f8975b68cd4a0a591f132258cd9b2e8ab2a2b1e2c74c24b8267f94b9d512f1829870da3bdd7c932f01d0ee99a3cd7715efd53f1bcbaffcefba316931e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
938ca0d434af8ea4e565913ac4fc8027

SHA1
6ede8fbcd405181382bf7dc9cee8ef2191f73619

SHA256
8ec66fc710638896241ccf27c4477ece6fa7bece37c2dbe958dc7c899c66aa1b

SHA512
8e90c34cedbc5bb3f715f841baf0371571bb7d30ca985fe7141a1326db7fb4ca64d96d39befb66581b831b623ac01f7cf7a42639a2b01dbf31a41ba309c06989

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
6KB

MD5
1f875b7534d405a5e1e13b872c627be3

SHA1
4ce4f60ace87117ff599b5992cc041e4d35f15ea

SHA256
3182bfcdcf38a84cbb359b9d735a29a49afe858729ba62973ace7fb7a3426553

SHA512
a74a3d093d0d3962b988ced3d405897403ec99f41c8e1c325e06cbc6d5287bb73dd1df44195b604aa1fff8cad287c4692a440abeeb23a7502e6632badc22a6c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
18KB

MD5
ac24893ea794c33b7578052d44dd456d

SHA1
db2a3dfbdba3b36919c7c9c768270d9cab10dcad

SHA256
67ecab24bf0f740e254e0b96fcedff363a46df37b2303448b66f5576a0b312d1

SHA512
d8d4f3e4e6c19def908462f5beb91d9ff350cdce53d471f26d3cfbdc80e4af698ed8e89ae9f19202d2daecc0894aba4aac553e86f9f35d557e51b38da44637bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
7KB

MD5
e1e85db085e4a4d21aa50d3ffa7a2ec2

SHA1
da6e7821223e5457909adc1d2332ad22779c22b5

SHA256
dd1cb3b6917b847c5fcb668e6ec639d938fb9a4ff00b5163a68cee26eca52851

SHA512
a1b9ee75ac171c78ee8c770d6d6817bb4160ad6dc3ebec8cc3d40d244409d5caa2df9688e52f584a5c6533af833f751a51cbcc38f640767d8b5ce3cd180acc78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
11KB

MD5
09160cb370626816bab942e1fdfaa83f

SHA1
524e3ca2e5786dafd493ca29ea65acc31a9e2c34

SHA256
977e1a6ddbd75c1ed2f73d14ef94ce32fb9285859686d8e685d08179e9f559e2

SHA512
67f49dd96dad02e4ddf472ad4edf33167cec81c007168b986af34d1be9a4b29daa09dc4ef9867e91c50cc9b50f55865be51554cfb2bd476da46d01d171bcd40f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
dd952b9651a8a84f5792bd79280005bb

SHA1
2a7d2acc910c96017de0667a346acc0b0d3c4f72

SHA256
34beffec4e6dea411c450eb57ccdebf7dd80c7959ad1fa853f726d919c566013

SHA512
dbe7bc910f080340414f2e939ecaee0e865de576924c5ac932cbcc15611049e3c82612f74f466c787336d0bfd58822561add0fbe0c66aa7dce4b9b1def15ed82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
a1475a43a57d9876c8bd4d58a0960642

SHA1
f37b70301abfcd97b352c843e80699474418c6e7

SHA256
67b71f6c13c194e65d6db2e03e3c1d90c687534adce08318aef373d351b7f9dd

SHA512
3ad14432b2308aa80b6ce8da397b6621cd26824aa4bd845282751374791be597a0b23204456023caae885d5aa51c7d7d9b72ee368c3cf7c5f8de97c2d96ad1df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\5d83994a-04b3-4421-a5e7-af9445d85469

Filesize
26KB

MD5
bde5ed902f6ca93f62357e2a8bb9757e

SHA1
b4d3aa3b190b8a7d60732018b15c3da0f39b6d4f

SHA256
1368157561d7d0b90c45459aa1418c4e958e9853dc9c0f4b936b772b39a5bb20

SHA512
9d333058b903c437ce83399a0c312f3621941980c0392e21f33ea92f9269bb36f79dd077d70d67dc70c678081bc3f6c696cb332e1ea5b772391a39b87d8fef1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\9bb6a39c-965d-4d6a-8582-8a90ed56a90f

Filesize
671B

MD5
032b1987469e72e723853cf5227f753e

SHA1
99866f519acdc4aea361886beda6dbe672df1210

SHA256
da668644e4dcb6d2c540d84f650d6c3e58ce0603367947cf69b286b5e8a419c2

SHA512
3137ef0bedf1138f4f7398999e88a39d8f8253cfcb6c19dcfab34f217b0ed1ee86e8d896211ea416a7a48606b587000c09af97ec08aac8a79f5a9a733c1d22a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\caa02c83-9d02-4786-bcfd-b98179ac0108

Filesize
982B

MD5
74f7ca1064d1feaac639ded1b1e4799a

SHA1
566fcbd9bc777e610cdadc19b9b8b806e0f3847f

SHA256
b9b288998f394c42a4d47ef2a18534a2527643ac55b23ff5366f26a8b3e22c80

SHA512
5413dc1e0e7aa030a8a2b398bd0a5252f2b38e93d3ff46266081e23292acb3f3812081034ce7c66105964e2c57b573fcb2568b6697b543610a9c420f81610ab4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
15KB

MD5
c9149f68279d161012b87f7129bcb245

SHA1
41a1a63c174f0e5d4bca26ea9cbcf9027bd048cc

SHA256
35dbfdbf669a67aed658797db71098af05365eaf241d10b8a79f07a582937299

SHA512
59387af21eeb2bd123bb5baabe4947283eeccc5ce0e8df975714d7be62a5b21f972ecb29d6cbd6211dad029bc840f9106b83bb1c52681839f9b558742b5e4fa0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
10KB

MD5
d08cdd3c1fc480e10bf12377fb94eba0

SHA1
302980382d0e43e180538ce8ed90a92c598da509

SHA256
3085c86562852ffa18d278d3db5a33474de657bd4a6dab0e476312aa60366860

SHA512
42068bae6c3a8cb93157bdb1b2089224b495dcdfd021da5b815b2679ea59ffc888702e47a7803b152c67d49ae3c3f890e882262a9a1944f1d72386319312f08a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
11KB

MD5
01e0b8908888cfb3b726611ff9305660

SHA1
39c2f81a5ae9cc28bedc32785527085698c9c10b

SHA256
f788c4ce6413e11b3ba2fed4fc6b4201899985ae4aa229200d598421473a258a

SHA512
806e0ad314eb442367e62ab563ac65872c7464e9b55769d4ee8f833a27a0e5de317b11d7a26b4f088eb004fae5d6d733f909be969d7a9706a9fd39fb4356fd79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
10KB

MD5
e8a7d07fe44a129b1361b1a3de8d1ed0

SHA1
460ebfc0a299157d89840dcfb10fbe19c840cc4f

SHA256
846b5c421644a1f5fc93a291803858645ffdd4299583009569bc2c3dc7a1d6e1

SHA512
911dec41cb24b5df1c37d9d9f4c3cb0f5bd5ae11f42b47ba1fb4349206e703a383494e2a413bec608a8d9f4a4da387c8622c0bd34870f9acc195ca59374d8b21

Download Submit