41e1a023075295a1c20f923bd4651405bf893ddb7694605f7c576d070c9b8579

Analysis

max time kernel
132s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 07:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

900KB
MD5

b6f1752f8523257a02dc2b78c05025d0
SHA1

7fc0650f993cf2d6c2796e970f55105105dab707
SHA256

41e1a023075295a1c20f923bd4651405bf893ddb7694605f7c576d070c9b8579
SHA512

6bcecea3c0e5e37b79b08125e3d49de904a306809f3f31980b205ade0ed72823304387cad59622813a7932013af9cb527408b9aa11c37ac7d26fb7c2dc40ca42
SSDEEP

12288:mqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaCTc:mqDEvCTbMWu7rQYlBQcBiT6rprG8aic

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

file.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Kills process with taskkill 5 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

2196 taskkill.exe
3568 taskkill.exe
752 taskkill.exe
3232 taskkill.exe
2272 taskkill.exe
Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

file.exe

pid process

1696 file.exe
1696 file.exe
1696 file.exe
1696 file.exe

pid	process
2196	taskkill.exe
3568	taskkill.exe
752	taskkill.exe
3232	taskkill.exe
2272	taskkill.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exefirefox.exe

description	pid	process
Token: SeDebugPrivilege	2196	taskkill.exe
Token: SeDebugPrivilege	3568	taskkill.exe
Token: SeDebugPrivilege	752	taskkill.exe
Token: SeDebugPrivilege	3232	taskkill.exe
Token: SeDebugPrivilege	2272	taskkill.exe
Token: SeDebugPrivilege	4424	firefox.exe
Token: SeDebugPrivilege	4424	firefox.exe
Token: SeDebugPrivilege	4424	firefox.exe
Token: SeDebugPrivilege	4424	firefox.exe
Token: SeDebugPrivilege	4424	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

Processes:

file.exefirefox.exe

pid	process
1696	file.exe
1696	file.exe
1696	file.exe
1696	file.exe
1696	file.exe
1696	file.exe
1696	file.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
1696	file.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
1696	file.exe
1696	file.exe
1696	file.exe

Suspicious use of SendNotifyMessage 31 IoCs

Processes:

file.exefirefox.exe

pid	process
1696	file.exe
1696	file.exe
1696	file.exe
1696	file.exe
1696	file.exe
1696	file.exe
1696	file.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
1696	file.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
1696	file.exe
1696	file.exe
1696	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4424 firefox.exe

pid	process
4424	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

file.exefirefox.exefirefox.exe

description	pid	process	target process
PID 1696 wrote to memory of 2196	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 2196	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 2196	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 3568	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 3568	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 3568	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 752	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 752	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 752	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 3232	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 3232	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 3232	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 2272	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 2272	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 2272	1696	file.exe	taskkill.exe
PID 1696 wrote to memory of 4140	1696	file.exe	firefox.exe
PID 1696 wrote to memory of 4140	1696	file.exe	firefox.exe
PID 4140 wrote to memory of 4424	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 4424	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 4424	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 4424	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 4424	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 4424	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 4424	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 4424	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 4424	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 4424	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 4424	4140	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe
PID 4424 wrote to memory of 4596	4424	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2196
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3568
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:752
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3232
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2272
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4424
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13bf7775-b847-4bab-87ea-e0b0e9290124} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" gpu
      4⤵
      PID:4596
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2400 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d2dfaec-2603-4cc7-98d5-9d12678d7022} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" socket
      4⤵
      PID:1456
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3128 -childID 1 -isForBrowser -prefsHandle 1536 -prefMapHandle 2764 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6db99663-8410-443c-925f-3e7bdf1d4941} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" tab
      4⤵
      PID:3004
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3952 -childID 2 -isForBrowser -prefsHandle 1284 -prefMapHandle 3964 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05925ae4-0882-4bbd-8e6c-397d07d9e021} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" tab
      4⤵
      PID:1172
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4780 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4832 -prefMapHandle 4840 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f844eb7b-3f3c-4047-80da-33c6c4258192} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" utility
      4⤵
      Checks processor information in registry
      PID:2424
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5324 -childID 3 -isForBrowser -prefsHandle 5320 -prefMapHandle 5316 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72fcdafe-3784-446f-b33b-4136e93bca06} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" tab
      4⤵
      PID:1832
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 4 -isForBrowser -prefsHandle 5488 -prefMapHandle 5496 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30e32998-5c8d-4eaa-abae-e4d1b8c432e1} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" tab
      4⤵
      PID:4844
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5676 -childID 5 -isForBrowser -prefsHandle 5756 -prefMapHandle 5752 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09cd61ac-455f-48f7-848c-afcf8963f4f0} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" tab
      4⤵
      PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
df4c8265856a176d5e92de9758a9e098

SHA1
2d239a3322b8bf2c6700fa51e2b31c984476c316

SHA256
0a61f0797c3f35c3a74247bfb513a5f33623e2b1743f3d8aeff239120209b92b

SHA512
c20c3de90d4652a897a4d83e13383b906353f603142b8666c90c2997ebdf60a60f82660f25b2df3c05904601f112e0ec3a173623578ad27ebd96bd9a971200e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
d37f25c34534a85221e0b1e37f51b226

SHA1
1547819a68688feb0ec0adc8e3268adb4970b3b7

SHA256
1b9050a1970ead66143a52b13b7093e3ab60ba0fdf2a0914ca5bb64ad32c4594

SHA512
7f73df1415de7ffc62bafc1d69175312160bfd269df62ecf346ecc6d879fbee482fb542816be3d1e725f2f3436df2597b1432da14c7275c496a261ea5ac99f19

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin

Filesize
6KB

MD5
bfdf245675cfa82c5190ac55046bfc48

SHA1
fa115d570c3cfd6c5ee0f484f289c096404ec799

SHA256
4a680c02716d0d8d5c493aeae0dfc53ce3d305497cbc5ff7533e08213a3e4704

SHA512
2e52c182595f31da0026ac5fb5eec72dd00b748b712f3b1db1fb45027e22a348aa8c0929ef30a3d1e428b1b00825ff9340c8c95dffd19a97bc048e9ec42bf87e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin

Filesize
8KB

MD5
b260bda0c499f2208356805c409605fe

SHA1
229e6276c5769f2de7e00e52c69e79e3f96d0947

SHA256
c55f95b4412208381b83d53b8b419d611ce755bbf045584989d63a209782f110

SHA512
18eaa5a59fb5e198cecb5d0122f3060c6b4244eaf921adda4d1261527002ed1eaa13a68baf247f1a4cf25c2701ab82877f0446175e8c5e5e78619d532396c4ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin

Filesize
18KB

MD5
efd932a115f533b9b43a7cb2c3a91d4e

SHA1
f4bfb8113691450f998ced30a62799fa3b6a969a

SHA256
5558048b8383568f488b676650d22c4de04bddba9798da258b2ce76fe7c01bf7

SHA512
49c7548a03a2e93e59f8105641ec1f73810124be6cf0079b714606b1f8cd79fabd5c73ddcd5d962993a83eee90dcc437f2de27e271076bb324d9f76227a1784f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5ac51063760925b80dbaa851b904a7dd

SHA1
a1de1d2162b48cf983b3628ca5be2fb274a63629

SHA256
932821172984558fcde00d4f13664176e7f6e26feaa2361a241d5bc26ca9f2dc

SHA512
c08b554eccd2666684dcdb52b6a2ae04523c12d50891525e4a949ed9e7f3ea8427dd6d9551b884fee4d4872286f09a2d085ada7daa0c756c456c5748003c40c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
d13cb43548bc87e01c863ba1e2aa97ea

SHA1
08ec5f26429cf8cf5fc70b36bf5e1799d64a67aa

SHA256
9c081d22b232d6b4d32d0b3316ad631a5267900118fabdfbd8238b897612288c

SHA512
2dbf7271139ea75feba1ec3cfdd11beeec019e1a12c3da49fb54913036ac7d786663726c59fec797fa7b762f527530d6369d1a2c6f5143f041bfd9b508fbc297

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
82060797cb33ee597b94ee36f49e9fea

SHA1
4b350b1682647c0e94dd61c941fe81d7c36fe8ad

SHA256
abaabb7aecf7ecd3fcd09165781e037198906570128194850387031a659e31bb

SHA512
0709c2a8ec42012c0ce4ffcac1c89c313a276ffa1d37b80e60aaaea1338c0a4402f5e0c4bd93c785b49124aaac421e2b63c3ef81244301523303e6ce4a953ab7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\604e7c2e-f76f-4686-8c60-da71cfc38d29

Filesize
671B

MD5
c9531ea00210dd9cf2646795a1a79c98

SHA1
b4f2309cc3dee5ea127c7b9e3c40535962c5d88b

SHA256
690b07fa6b9bbb600a580158bb8f1a93a8cb68501487e7a01657bd4e4f64a497

SHA512
83722757d6c69d2a8594645e09a8039f7572580d1df3db249d05ce5694e63f3ddbf1f916349d692397b166327227b567feb7c84e9077d74e9ecd79fb62b424f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\97c41ad1-d292-4118-bc1d-d30b30e94d7a

Filesize
982B

MD5
4821e92fda1d259004da9564b3149bf9

SHA1
681717b94292aa865c8897376e3fd38b4a8107ed

SHA256
57f26e2c8fb415ca4963da2c1d619861c0bda5cae81caf65600279ebe6d4941c

SHA512
06f8e29f9bb4c8869ae402c835443a1e19a46685c881cfb1b7471889dc9a76556a22bc35c5ca127a2187b5b32d52fa73f1793acfbf09ae3bdca66b5d0608b43a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\e1bb64ef-b39b-4d80-adac-8defc8422930

Filesize
28KB

MD5
d179b76b346e29e6bf3ba2ea1c34ed58

SHA1
91de34503f85d31fda520bf83064b81476c7314d

SHA256
e18c72c6e8d85aa190d94873af4c9bc5f2dbbd47d9ba9510b55e26430120e264

SHA512
a7c2ee31b661cd1e23a3761049008ccdfd7f29d7d8cfb8ad614176a6942111197b6cfa0ad35025e861bffbab84254849d0040d23e7eaf92a0bb13126d90f4599

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

Filesize
15KB

MD5
016e1af75d7f2adb1dd79f0fd7246029

SHA1
ff678bd435e6a360054e366df0ced38eb48e27c5

SHA256
503fbf83bc95f38e1d73c63ee595035c6e2c0726be18ced4b7f4547227f9edc9

SHA512
0536a7ced602dec6d0e1ba744895edfe18f06c3c8fc891d61c27137ba6c07b5efc0a6f67cca13036c60e67bb35d4ea52c7d1ccedcca8704272f63675044fb8ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js

Filesize
10KB

MD5
6025c8c8dc1c8568a351419638439ff5

SHA1
6be0d8f02ec3dfc8aaeb812add5c6866bd4707cd

SHA256
64fdffae686c4975187d62de6a1918c9e1fd6c9acb2434a6e9fe01a9898ada3e

SHA512
50dfa6a3a59e19a929a25271d1634473ae9056cad8f9c3122cb7f6799f3e9d9673c4b7ec6f3a6aec9376888868561e2e1e6a7698131a05a76c4e87d6504d563a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js

Filesize
12KB

MD5
ee1992b8b49b426448bd6c1b01e77009

SHA1
0078509a150a6dd33b95539b78d14b3f2c201b15

SHA256
f40f8168a6aabde400fc45efe9a962722f7eebee7200094c95429772aacef3ea

SHA512
ce8dacfc39e7fd7d4adcf4524f3622c9e10e44b12eec2b7599873fe142951bf1d14485feabe0929ae7d58e92e422947695d446e43f6bac50891f6a092da983d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js

Filesize
10KB

MD5
3fd464572c7f9f030762f3c863851c2f

SHA1
22af9d098daa71528817358193f86bdc8122fa15

SHA256
93def17aebe995b00a50829416778d347e1b5f0322f19c99b14cc4f7a8333504

SHA512
88f0fa06b6b648322fcbb01303eb5d9f961b31acb641e8120f5f04fd65127b4ec1cc1880a1a1ec6368ffb692cf90b42d8987a544bea3390281e637f8cd20e6e8

Download Submit