3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

901KB
MD5

8894eddd213de906738c3d7c80d61c7b
SHA1

cd385cbc6e01d0306c9c8c10bf31b597fbd6174f
SHA256

3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976
SHA512

dd75e691ed55d23ec4a727d845e61ff0db8bb735b2d2845e024749eaa777560b3a12d8dc74af745fcabe1a5f20d60ed733b126eaf5acd8416cef83abda81c2ec
SSDEEP

12288:0qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga0TZ:0qDEvCTbMWu7rQYlBQcBiT6rprG8aUZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
596	taskkill.exe
1988	taskkill.exe
184	taskkill.exe
2372	taskkill.exe
1260	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3416	file.exe
3416	file.exe
3416	file.exe
3416	file.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	596	taskkill.exe
Token: SeDebugPrivilege	1988	taskkill.exe
Token: SeDebugPrivilege	184	taskkill.exe
Token: SeDebugPrivilege	2372	taskkill.exe
Token: SeDebugPrivilege	1260	taskkill.exe
Token: SeDebugPrivilege	2632	firefox.exe
Token: SeDebugPrivilege	2632	firefox.exe
Token: SeDebugPrivilege	2632	firefox.exe
Token: SeDebugPrivilege	2632	firefox.exe
Token: SeDebugPrivilege	2632	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
3416	file.exe
3416	file.exe
3416	file.exe
3416	file.exe
3416	file.exe
3416	file.exe
3416	file.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
3416	file.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
3416	file.exe
3416	file.exe
3416	file.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
3416	file.exe
3416	file.exe
3416	file.exe
3416	file.exe
3416	file.exe
3416	file.exe
3416	file.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
3416	file.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
2632	firefox.exe
3416	file.exe
3416	file.exe
3416	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2632	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 596	3416	file.exe	82
PID 3416 wrote to memory of 596	3416	file.exe	82
PID 3416 wrote to memory of 596	3416	file.exe	82
PID 3416 wrote to memory of 1988	3416	file.exe	87
PID 3416 wrote to memory of 1988	3416	file.exe	87
PID 3416 wrote to memory of 1988	3416	file.exe	87
PID 3416 wrote to memory of 184	3416	file.exe	89
PID 3416 wrote to memory of 184	3416	file.exe	89
PID 3416 wrote to memory of 184	3416	file.exe	89
PID 3416 wrote to memory of 2372	3416	file.exe	91
PID 3416 wrote to memory of 2372	3416	file.exe	91
PID 3416 wrote to memory of 2372	3416	file.exe	91
PID 3416 wrote to memory of 1260	3416	file.exe	94
PID 3416 wrote to memory of 1260	3416	file.exe	94
PID 3416 wrote to memory of 1260	3416	file.exe	94
PID 3416 wrote to memory of 2280	3416	file.exe	96
PID 3416 wrote to memory of 2280	3416	file.exe	96
PID 2280 wrote to memory of 2632	2280	firefox.exe	97
PID 2280 wrote to memory of 2632	2280	firefox.exe	97
PID 2280 wrote to memory of 2632	2280	firefox.exe	97
PID 2280 wrote to memory of 2632	2280	firefox.exe	97
PID 2280 wrote to memory of 2632	2280	firefox.exe	97
PID 2280 wrote to memory of 2632	2280	firefox.exe	97
PID 2280 wrote to memory of 2632	2280	firefox.exe	97
PID 2280 wrote to memory of 2632	2280	firefox.exe	97
PID 2280 wrote to memory of 2632	2280	firefox.exe	97
PID 2280 wrote to memory of 2632	2280	firefox.exe	97
PID 2280 wrote to memory of 2632	2280	firefox.exe	97
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98
PID 2632 wrote to memory of 1196	2632	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:596
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1988
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:184
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2372
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1260
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17b43740-2932-4834-a379-e9cd2b8e2473} 2632 "\\.\pipe\gecko-crash-server-pipe.2632" gpu
      4⤵
      PID:1196
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06a7e08d-34e4-4209-8c54-66207c7bbb8b} 2632 "\\.\pipe\gecko-crash-server-pipe.2632" socket
      4⤵
      PID:2076
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 3224 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7575cde0-9863-468d-b3dc-eb6f9051a8f5} 2632 "\\.\pipe\gecko-crash-server-pipe.2632" tab
      4⤵
      PID:1616
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3900 -childID 2 -isForBrowser -prefsHandle 3892 -prefMapHandle 3888 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39fb0ece-b74b-4e6a-a232-1b9c3efc337e} 2632 "\\.\pipe\gecko-crash-server-pipe.2632" tab
      4⤵
      PID:908
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4856 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97957bbd-f34d-4995-9a4a-f424ff86b5dc} 2632 "\\.\pipe\gecko-crash-server-pipe.2632" utility
      4⤵
      Checks processor information in registry
      PID:2872
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 3 -isForBrowser -prefsHandle 5392 -prefMapHandle 5388 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16f345a5-e13b-402a-95b6-2cca41923a5c} 2632 "\\.\pipe\gecko-crash-server-pipe.2632" tab
      4⤵
      PID:3588
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5204 -childID 4 -isForBrowser -prefsHandle 5184 -prefMapHandle 5216 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {477e884c-236a-413f-9141-9a3b77479c51} 2632 "\\.\pipe\gecko-crash-server-pipe.2632" tab
      4⤵
      PID:2040
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 5 -isForBrowser -prefsHandle 5692 -prefMapHandle 5696 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {760a11c5-38a0-486c-a8d2-81448c5bfbac} 2632 "\\.\pipe\gecko-crash-server-pipe.2632" tab
      4⤵
      PID:3708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
ecc8109773021af20e01bd39dae83d70

SHA1
fc9ca609104752e2f59c778db4f07174bbc96146

SHA256
213e2fee2955ca5430ecce4a66755ceb6b5e959ca3623fab5f4e856d4eb273a5

SHA512
4ba8c0aac5eda75156f16501e1876951251b82bbffdf20818e1da53451b547eb8a2b519e16e75c932622d155c65f1eecb16187b722c5deace30807e9ff932dc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
5a5b6e3c06867e7d7d6c613a02602479

SHA1
748ec3360d32adc15f05588e72629e5e447e2e4a

SHA256
63ddf23538ac8795a0894e55d0d6a40206d1629f8f7275655f0ffcaeedad8ea8

SHA512
fa2afebc6726135191b44f8c13f07af4fcdb270807073b7328d4d063b38e5555863e12c3cf4616c502741fb20d33a13868accb5bca50c444547a39a1cff07938

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
6KB

MD5
a6fa1860ca57b8bf23f65ef8d59f4ad1

SHA1
6690513104187ad201b46fde2bf0f59206fcc161

SHA256
9a741427175134bc700b0c73456b5f11a450368a114d875fe7de00307869b087

SHA512
1a4d95ae4960741b011ba9872e0c4fb17eff1b11ae6a79834325cdb8b8857768dc40fe2544269d6289619d6846c66d1d64a181f674ad137471b5b10d5228478b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
8KB

MD5
08474645f4fec61b8fea3b5c224453a7

SHA1
d2cb60bc3268a01b06290f9d2bc92744f737f50b

SHA256
2345d14b13c1f745bfbcd69bb88f914c7ee7333edeb300aa68bc0de0dd33e99a

SHA512
927a9121c7cddff7a66aacc3c15887b2656990ad05688d57372bc628d3c9be21b1440d8a072527b53badc21c855cc8b0e5676d527c3e79cefb500a033ee37fe7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
724d49e2606d82e0c52599d1af9f3aff

SHA1
cb65d87a39ff42b8c07c1e15e30e652eacb11d1d

SHA256
39ec50a8a52011ceb0fc8ed855c680f9c4d7e80008a0c05615edf3cd6e1ae7ea

SHA512
2f1de8e4a4519beddfc9ada8dced0eccb4009f76c16058efa8d5d3af656656d623b4a052db2149b0eb97b97faa1a354b81d0a1e021ac4b264667f3cee012bf10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1a1786fa7c8a82e05142adfb9914fe33

SHA1
ce3efd2b233148c87336836efa14604bd52abfda

SHA256
f1f092550b045583aa8786e9fbacaded8ff1e9f351e9d0a4b75c8529a86a373a

SHA512
32cd841d56c8387cc2355c62081e1d2ccb3e3eb5a3c96af7b919e7f3cfb5f97d4b55508159dae5d326d92c9c91ab0900624596c2d1371376cc69da76a99d2b3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c3d7b73142fe5408f3450925dbeaba72

SHA1
0da9787a0bb522cd9c60c57e4fdc84c137036eea

SHA256
7ecdcd2ea77c591522402a72093507d175f49b1495448ef7c50b0f6ce21e86af

SHA512
674b65ff0f1128623844c882ce8b46ef723a15a23ae977a1daa3d65c27c421cd1fb30b3addfb04585af0d81bc158eef06ba2d2c5986689cf31ae4162a8f31a93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
97d3e3eb795aa02f5463519347a75323

SHA1
e3e75a4cd1a8d0054ba89d51510d25f6b732cb94

SHA256
9cf58698bf6d10ec21aebb4fe87a69049c267b3625e9192af006437af0462eb6

SHA512
0acf3c281274dd6153876766c59d1ad6a1b00ef6efb05dc0b68335915b514eea6be7a2680deb47d628b039575e5b64fe940e52b70e2e3ea06e0aea485aa15fe6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
71a12a86efca2e53471f0bcd99d2605d

SHA1
d98faa95bef65233f75b792d32822ab8f6013f2a

SHA256
fd1ea0e71e293dff95d1723fb34f3da57d119e28862f6205856a00f0a8a0b6f5

SHA512
97474b1542460c776846312fbe0dec37228ebc4f6a6e80a25fc6235855bdb97511d9f4d02dd26dd61d4d3dc1a43ad909bcb886b5a060e83566ee0e48f12bc1ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
220124758e100d347f7751486e0eab5c

SHA1
2579d8b1762c2de1e940a2540a4064a146d1d8e6

SHA256
117a7de15f6db90a4cad7b0192839f20162daa44d76f938b07892da2b8ce450a

SHA512
234f34e2f2e0a20317a25a1d61525bddafe8c4729c9c6466d918126a2d6056c5148f578a17bc95e350dd94e1c5b39bc93af7fd296a0590bc1c2bcb390fa432e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\66177200-989d-4a20-b1df-06dccf81f3ff

Filesize
671B

MD5
c333400892a9560964e46946cd49f5d5

SHA1
7cd52e13f91fdb0bf081edccf80bab367a5be5df

SHA256
c91a0b3adf8251b397a1435496091839a242c1817ba89714e68197fbe97cd36f

SHA512
843d7fd7f743a77b8f78552c858998257ce92750bc0ac6573d2650616fbf13fbbbf3ca9eacacd692392f4619ff63bb69fd8407d68f594ef9aeacbf40e1c5ef0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\c5ce2789-1522-4332-a187-5061b1658458

Filesize
982B

MD5
fcea602f150fb683833552e61744d34d

SHA1
cff17ac2a05e64394b419d0d3df48a1367fd0bae

SHA256
91aa15bb38a834934eb39e6ed1fbad4cf099fc831532913a7b61fe8559550d76

SHA512
0eedb29d971ab48773d1a2789adf454130a95e93967ea8d6c2929709d649687364f0a76953b53bff1b049805519c244fe3f28433fce35baade0f0a3e5d9294ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\da60a777-4d8e-4178-bd4f-41c7bd934e7a

Filesize
26KB

MD5
62e6120b2c74220f12c532d8bd07beed

SHA1
82f61a94ee63ff8cbecd5417548ec454906105c1

SHA256
342ffe48fa8b50b65ef1c275a00c720f34823a5239ecfc68d4f5bfe9b741f32b

SHA512
088cb29d77362b028251c7668282954b1730821c1e0a069d18f796c19036925f4c45deca98825c4dd0d3f82338694181e6aa6055a0d40e20c8dda775f0ace3e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

Filesize
12KB

MD5
87139bc2d0a06e0fddf34e0855fa5d66

SHA1
0fd0bc2078e1a8668d0ccce8c4e2b6e0b73302a3

SHA256
1d9603d9bb52a5eeaab7a3016e23ea8f83a10bd95ae295513ad454fa90e3d456

SHA512
3708dbb88b53fefff16cfd310701413e76ec4992609ab86659c5c4c74cd6c2016bb3f2d3de62bf7ef30bb447d45048cf8dba1ef8c80c58b401d052c67c85ab82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

Filesize
15KB

MD5
0b4235f375f9191c5234b56dfe98714b

SHA1
be8daee1eef500a0713837ae374e839f7f37b71d

SHA256
48549c2bd0a87ad476b9df020b30dfad09be5abff6d3420ec427470abd7e85e7

SHA512
2cac6c894e94d023c6709bbade246e9f27846877b649c9e0211be48ff68195e1f0fecbd25f8bc0eec38e2eeeaa1a341895607952a998eb170df036ab28cea0d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js

Filesize
10KB

MD5
1acdc6c439a23ed50caa03765e4d184a

SHA1
8e84292f752d500a397f4ec64e997b55cf865b2a

SHA256
da9e7c990a61d711f1cf6178b24f253c067923c535a9d5724dc17919732d2aac

SHA512
915c2bc919af35ca99c066d8708a622412a6596109fca381b878caa54f1122beccaa98f19d391a98f16818e210d841417cbefedc960462df68f4eaeffc1e04fc

Download Submit