7d09a69f6aa77fa98e6a6973963b776178a53a6a7c4b48f05a66e573696b0239

Analysis

max time kernel
127s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

901KB
MD5

b0302cbf18ab90a0e43b26f4b4940c46
SHA1

804696c2bf2f8e35ef2dcfeb1b33c50eced20b4c
SHA256

7d09a69f6aa77fa98e6a6973963b776178a53a6a7c4b48f05a66e573696b0239
SHA512

1aa4e5767f4a1948cd0776ccf01865763398bc1ce72cc6df3768e74d6d30ab79006aa31ff0ee1880db99ab068fe0f2c741c55fa08697ed68f5cd54c5d362e15d
SSDEEP

12288:AqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaQT9:AqDEvCTbMWu7rQYlBQcBiT6rprG8ao9

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
4848	taskkill.exe
1584	taskkill.exe
2088	taskkill.exe
3088	taskkill.exe
3188	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3300	file.exe
3300	file.exe
3300	file.exe
3300	file.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3088	taskkill.exe
Token: SeDebugPrivilege	3188	taskkill.exe
Token: SeDebugPrivilege	4848	taskkill.exe
Token: SeDebugPrivilege	1584	taskkill.exe
Token: SeDebugPrivilege	2088	taskkill.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeDebugPrivilege	1044	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
3300	file.exe
3300	file.exe
3300	file.exe
3300	file.exe
3300	file.exe
3300	file.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
3300	file.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
3300	file.exe
3300	file.exe
3300	file.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
3300	file.exe
3300	file.exe
3300	file.exe
3300	file.exe
3300	file.exe
3300	file.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
3300	file.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
3300	file.exe
3300	file.exe
3300	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1044	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 3088	3300	file.exe	82
PID 3300 wrote to memory of 3088	3300	file.exe	82
PID 3300 wrote to memory of 3088	3300	file.exe	82
PID 3300 wrote to memory of 3188	3300	file.exe	85
PID 3300 wrote to memory of 3188	3300	file.exe	85
PID 3300 wrote to memory of 3188	3300	file.exe	85
PID 3300 wrote to memory of 4848	3300	file.exe	87
PID 3300 wrote to memory of 4848	3300	file.exe	87
PID 3300 wrote to memory of 4848	3300	file.exe	87
PID 3300 wrote to memory of 1584	3300	file.exe	89
PID 3300 wrote to memory of 1584	3300	file.exe	89
PID 3300 wrote to memory of 1584	3300	file.exe	89
PID 3300 wrote to memory of 2088	3300	file.exe	91
PID 3300 wrote to memory of 2088	3300	file.exe	91
PID 3300 wrote to memory of 2088	3300	file.exe	91
PID 3300 wrote to memory of 4340	3300	file.exe	93
PID 3300 wrote to memory of 4340	3300	file.exe	93
PID 4340 wrote to memory of 1044	4340	firefox.exe	94
PID 4340 wrote to memory of 1044	4340	firefox.exe	94
PID 4340 wrote to memory of 1044	4340	firefox.exe	94
PID 4340 wrote to memory of 1044	4340	firefox.exe	94
PID 4340 wrote to memory of 1044	4340	firefox.exe	94
PID 4340 wrote to memory of 1044	4340	firefox.exe	94
PID 4340 wrote to memory of 1044	4340	firefox.exe	94
PID 4340 wrote to memory of 1044	4340	firefox.exe	94
PID 4340 wrote to memory of 1044	4340	firefox.exe	94
PID 4340 wrote to memory of 1044	4340	firefox.exe	94
PID 4340 wrote to memory of 1044	4340	firefox.exe	94
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95
PID 1044 wrote to memory of 1888	1044	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3088
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3188
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4848
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1584
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2088
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1044
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {759dfc65-9d17-4278-81cc-f49ff0a4ff88} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" gpu
      4⤵
      PID:1888
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2428 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c36c1b1-34b5-4d99-a397-70c7c954ad8b} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" socket
      4⤵
      PID:4024
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1632 -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 2996 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32ce05bf-8a57-4817-ba18-afb288a12d7d} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" tab
      4⤵
      PID:1376
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2736 -childID 2 -isForBrowser -prefsHandle 3688 -prefMapHandle 3620 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9b43eee-3aef-478f-968a-c5d2c6a57ba1} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" tab
      4⤵
      PID:4168
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4688 -prefMapHandle 4684 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f96a6105-c9e5-4bd2-a687-5a624483156c} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" utility
      4⤵
      Checks processor information in registry
      PID:972
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5336 -prefMapHandle 5316 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d805b28-7a17-42ae-b4cf-6c17109a463d} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" tab
      4⤵
      PID:4420
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 4 -isForBrowser -prefsHandle 5564 -prefMapHandle 5560 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bf3fc2c-5e8c-4b0c-bc8b-6b6441ad6bb4} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" tab
      4⤵
      PID:1980
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4872 -childID 5 -isForBrowser -prefsHandle 5712 -prefMapHandle 5612 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89f69164-23bd-4c38-929a-d254afe72ec6} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" tab
      4⤵
      PID:3744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
519df4f1429d398726ec78db9d816023

SHA1
3cc6fd37d94487a27f271906aefbbf7121b8d3f3

SHA256
d4f563c7c7777edc6bab1075e90bc41b61dc9eff226ecd4e42c0270ad52df150

SHA512
b4d0f3cfc9b220fdf233465aab5a984e826cf5cc609c6f4efa37181864763008c5037293306140c75fbc276ebc62f8bea1d038aba56bef4e4bbfff381f156961

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
1d9ac98495ac7aa749f3373c4a5b9d93

SHA1
0b3e0a3cbc3bcef3e2f2ec7e2cef61bda640ee29

SHA256
971d8cdc97fbba7d2d39ed1785a45bc8e7abc3077681ff8eae116b2fa2841236

SHA512
ab145f98baa949c9d3ae66d132f310a3188e0e66e0d6619dfb929ccb0db17d94120258ea787928bd19288c047d3095a902b6ead31881791b70f8941531f6a643

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
6KB

MD5
37623df5ea99082cdb9e252574ee5a43

SHA1
542812a996cab1b9b9a1173e75c661d353bdc1ac

SHA256
310534983051e60940e54159511f2eca0b95dac35277ae59b8911edefc101f5c

SHA512
2d46c5e4553c9c495a9ec421df7c4a2d818e3b9f4456fa0c5cd508efb80a85eb132d0dd61a641c147b3380498b0c046bfae7b7df0d7feb824fcc8dd213a4096e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
10KB

MD5
0a1759934724486a39824e49e35d110a

SHA1
0c24bbec3f7562721b2034b02fe0e8d1b9ad96b6

SHA256
e5d93ea3a8ec54bd603fd4112ef3647ce6c63a701a4ceafdde663016c188d3f7

SHA512
280efed72d4bc356bc52ba1fc31f61622ca911916c7432c8327ce602ee97a59597b9787b58b02412ca143a1953a8c77956daa054c91e4de693f71e364e3e4222

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
f71cb482f16907ce5b90c5b8b0ad9500

SHA1
327c75b4b7efcd5da70b1bb193519be4581145e0

SHA256
7d9d1d5d212300e03dbc4ff6f21f82db913238ce119ad90b75dc1b73f5b96e8b

SHA512
4b3a152f6995d9b03f8eecd6f10efc982215ff05b97c173922caabe885bd2bb8378f348ae51b8b9e5f71a2fb2b45ccd676d971e9c35c75fef49fa4ccd53170b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
be9e7e35f792c08b531d1d10070c647f

SHA1
ac8572f1c08660b491b819fd826705f9d0b4aefc

SHA256
6f52e631b02b272da01e6ee9893b250609d4455e9a4f4ca827d4bce8e7632e63

SHA512
53de130e0b50399f338888e5aa92fc93fe77c687e039cdfbb824de70758ae591b52ac36afe271ddc9a8c13c641cdde5232ac99b9f9f5481fe7add670d1e7fb1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ce1aec4d75d083050b9ec9620daf5049

SHA1
dcce59e7048f89eaa36de814e9657f32e9002fc0

SHA256
4c9b1788dfb26517113f8d9eaa1197f21906673dbbbbf6e421f99590028e9937

SHA512
11b50b75e15f584e1cf9be43b3f02f99abcb9712fa9a8e8a6b59db156c12a224e2876599694c00c17b4e22d0153c9b63e97df6c93f21bf778196586da955cb55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
813f9760bcca583fcc2b7976b09eb62b

SHA1
592b953343c7c256a7d3b711acaee09214f9c7a0

SHA256
0cf908e9fc92dfd2e59a9253187b275f8a6d95a9f0c89e5cbe2ef7e817a36860

SHA512
7390c16bb285cfe2b790580e5aba4e5fbaa38ac95d210bc7f2d06ec64682be102f8a3fb28208e4263e608421177a1ce8b07bd808dbc3a0d0b87cc1281b00a4f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\4999858c-aa5d-4e5f-a895-8b127796ce97

Filesize
26KB

MD5
d00aa183015ec3a751db68bd7fd86fdc

SHA1
1cb4627807aa24e561eaa800a74201e35fd7c867

SHA256
5e094ced1971d466430c9b22d3b018bf68ee513578a41a8f94fb2ccdc987d7f7

SHA512
d2351db2a618d7873345715cc4cdb6c98096471ff7f68612d0e84ffbf008e129c00a1ec2b81ce05f31c0c37243fed38463535171c09303ae4d8c152f41ac75d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\d66e07b7-c88e-4566-9e70-b5962dc29d01

Filesize
671B

MD5
254d70cc6e9f8b2da9b1745d743244b9

SHA1
3f65fb64d680c7f00384585b4b970806b664d2a5

SHA256
d2c7bdb978500c319d0560f90a496e8c4cf14249e87549897ee4a068a48b3ecd

SHA512
82ed48794cebb07900f5036587c2eeec92c4a4ee87b311918442e97ffac38da51bfe14702572538b5ddcff1174b79ac71138581f1300fdb89c8e03cafb5a8d67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\fac77e2d-ec65-4b61-93dd-796165536486

Filesize
982B

MD5
468ebc50412498568afbcf172c5ad02d

SHA1
421422ca2ccab634b92ac4d937a648a3b73a17dc

SHA256
bbe4bb9c387127efb1d5a8a053ce903eb42dc1ae5189282c85f5130178066ba6

SHA512
117ef3aea2cf575e6297c0f3b53c6439f63c01abd85d8599071a429c903a9f0cdd74937c1fe8df47b63cba8e03a47a135033e325a7b9c4476d68d2c6139423da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
11KB

MD5
b0aab129257ac17e44531e550e613439

SHA1
268504a5943627d268e37f9ee3b4c9002c4ff328

SHA256
c832464ba2e7cbc0904020c7f460b86f3b6947e37f22eeb2d57ae747b4ef5609

SHA512
8ed727cb51f9bd9c2354a41b8b448209ccb42a59dd0b3c0eda7fe6274db4f027dec1559100063173062e83a7eba7b7a24e6ea7680054ee43837290642ea85d32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
15KB

MD5
be7c688d709ae534ada2587eec0db8ff

SHA1
bbcfcb8e4fb508a5864fe34774933a5e38d6d80f

SHA256
a765a45385b5d9a191607537bcaadf34d1509b340943b7094d4dc6b89b5fe206

SHA512
9563b0e18ebdf5d8daaa76441f2fb37a978e3c49e20c761a5a2f65c72c8d5417b855c3d75ee99bedc7f42c4291a5d574dff8466d5c1dcc842de79ba7f19fa86d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js

Filesize
10KB

MD5
97e366031ac99ba99e46b7cf91051cf4

SHA1
01034af62186b30e736351030c77af71706c644b

SHA256
61773169931d7c15a44da7d15da1b886bac182664dd655ef155e1fbeaa8e43b9

SHA512
96bca018b692120f861ff2e7660e8ed7d3ad89fc0c46d87058d45734a69e84e949102a9c8b7e4bca4c84ccf1d67c89f3287de68e91234db9353a2a85504904f6

Download Submit