1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38

Analysis

max time kernel
123s
max time network
148s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
Size

898KB
MD5

ef36a9d0a39819f32e344f22f0746260
SHA1

34174c34da0b36c94c3ee7413d22b35dad4fdfb3
SHA256

1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38
SHA512

2a44dbf7d61a74aa05150d70ce9e035f819a78f31ed95f65fa1dfeba6391e671fb401cf87ea36ab5d68f3acdf743f85f0be00a7655ed6dcd84d694d902e1903e
SSDEEP

12288:QqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/Ts:QqDEvCTbMWu7rQYlBQcBiT6rprG8abs

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2096	taskkill.exe
1932	taskkill.exe
2680	taskkill.exe
2736	taskkill.exe
2496	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2496	taskkill.exe
Token: SeDebugPrivilege	2096	taskkill.exe
Token: SeDebugPrivilege	1932	taskkill.exe
Token: SeDebugPrivilege	2680	taskkill.exe
Token: SeDebugPrivilege	2736	taskkill.exe
Token: SeDebugPrivilege	2728	firefox.exe
Token: SeDebugPrivilege	2728	firefox.exe

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2728	firefox.exe
2728	firefox.exe
2728	firefox.exe
2728	firefox.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2728	firefox.exe
2728	firefox.exe
2728	firefox.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2496	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	30
PID 2500 wrote to memory of 2496	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	30
PID 2500 wrote to memory of 2496	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	30
PID 2500 wrote to memory of 2496	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	30
PID 2500 wrote to memory of 2096	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	33
PID 2500 wrote to memory of 2096	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	33
PID 2500 wrote to memory of 2096	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	33
PID 2500 wrote to memory of 2096	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	33
PID 2500 wrote to memory of 1932	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	35
PID 2500 wrote to memory of 1932	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	35
PID 2500 wrote to memory of 1932	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	35
PID 2500 wrote to memory of 1932	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	35
PID 2500 wrote to memory of 2680	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	37
PID 2500 wrote to memory of 2680	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	37
PID 2500 wrote to memory of 2680	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	37
PID 2500 wrote to memory of 2680	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	37
PID 2500 wrote to memory of 2736	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	39
PID 2500 wrote to memory of 2736	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	39
PID 2500 wrote to memory of 2736	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	39
PID 2500 wrote to memory of 2736	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	39
PID 2500 wrote to memory of 2684	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	41
PID 2500 wrote to memory of 2684	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	41
PID 2500 wrote to memory of 2684	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	41
PID 2500 wrote to memory of 2684	2500	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	41
PID 2684 wrote to memory of 2728	2684	firefox.exe	42
PID 2684 wrote to memory of 2728	2684	firefox.exe	42
PID 2684 wrote to memory of 2728	2684	firefox.exe	42
PID 2684 wrote to memory of 2728	2684	firefox.exe	42
PID 2684 wrote to memory of 2728	2684	firefox.exe	42
PID 2684 wrote to memory of 2728	2684	firefox.exe	42
PID 2684 wrote to memory of 2728	2684	firefox.exe	42
PID 2684 wrote to memory of 2728	2684	firefox.exe	42
PID 2684 wrote to memory of 2728	2684	firefox.exe	42
PID 2684 wrote to memory of 2728	2684	firefox.exe	42
PID 2684 wrote to memory of 2728	2684	firefox.exe	42
PID 2684 wrote to memory of 2728	2684	firefox.exe	42
PID 2728 wrote to memory of 3000	2728	firefox.exe	43
PID 2728 wrote to memory of 3000	2728	firefox.exe	43
PID 2728 wrote to memory of 3000	2728	firefox.exe	43
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44
PID 2728 wrote to memory of 624	2728	firefox.exe	44

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
"C:\Users\Admin\AppData\Local\Temp\1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2496
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2096
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1932
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2680
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2736
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.0.531413770\1834599243" -parentBuildID 20221007134813 -prefsHandle 1264 -prefMapHandle 1256 -prefsLen 20769 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce4d6d5e-89b7-44ab-906e-ecdd97f7771b} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 1328 3eefa58 gpu
      4⤵
      PID:3000
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.1.1505091646\71078085" -parentBuildID 20221007134813 -prefsHandle 1532 -prefMapHandle 1528 -prefsLen 21630 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {551b5b1c-9fcb-4a7e-9d44-e3296b9ca044} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 1544 d74b58 socket
      4⤵
      PID:624
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.2.1572696612\1093969699" -childID 1 -isForBrowser -prefsHandle 1924 -prefMapHandle 2092 -prefsLen 21668 -prefMapSize 233414 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47380b74-e445-4e5f-855b-f705c4286a8d} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 1964 19fe4958 tab
      4⤵
      PID:856
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.3.824203487\699786488" -childID 2 -isForBrowser -prefsHandle 2896 -prefMapHandle 2892 -prefsLen 26138 -prefMapSize 233414 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9c1ecdf-ea96-47a7-9526-1fd45406f19a} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 2908 d5d258 tab
      4⤵
      PID:440
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.4.1306877691\24473444" -childID 3 -isForBrowser -prefsHandle 3736 -prefMapHandle 3016 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {213d76ab-a8fe-4453-baf0-9c7b8d0957d9} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 3744 1ef66d58 tab
      4⤵
      PID:2748
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.5.922104018\1495302236" -childID 4 -isForBrowser -prefsHandle 3852 -prefMapHandle 3856 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e934d23-8987-4490-93f8-fb822c767963} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 3840 1ef66458 tab
      4⤵
      PID:2768
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.6.1859201844\1945777625" -childID 5 -isForBrowser -prefsHandle 4016 -prefMapHandle 4020 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bb0a8bd-0cad-47a5-a82c-96e6dfb56077} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 4004 1f286558 tab
      4⤵
      PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
25KB

MD5
875b02e92ff23c48925c81ebd2afe1bd

SHA1
220e2dccb373a5d3e23a2cf400f74aa1fc75ea1a

SHA256
dd536f615097f4ab1a2b6bde44dfb37b679ade2ae87c4f5f620d4de1ed5e8a5d

SHA512
14c0b06748d9e1261fbfbe48351858f41e64a960ed69071053c97bc3878f11f99d1c090136624aaab1bd8621fe3f13ba333db49b60ac35e79f5cda5b5cd9e52b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
13KB

MD5
f99b4984bd93547ff4ab09d35b9ed6d5

SHA1
73bf4d313cb094bb6ead04460da9547106794007

SHA256
402571262fd1f6dca336f822ceb0ec2a368a25dfe2f4bfa13b45c983e88b6069

SHA512
cd0ed84a24d3faae94290aca1b5ef65eef4cfba8a983da9f88ee3268fc611484a72bd44ca0947c0ca8de174619debae4604e15e4b2c364e636424ba1d37e1759

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
6.6MB

MD5
bea7560a646b4bb01aa04c31ff99b767

SHA1
fa0845d99b2cb49cba91a7565ce971c161cf3644

SHA256
3998b49a97e43b109d343424f6a9fc23b4fecd4fa3d0f4725cb87b4a8af05e81

SHA512
7c02d0d2156b9aa39f12fa009c0275ea59cc1e56cf7261e9be98067290bb7e2d50a3567d624a69f629633b00c8c332afef6a66f307a000411371b1ef2cd3094d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
8b4fd4d04ceb06f2137a1dc10862e35d

SHA1
ab368a4814dc062daa273e5f56eb97f1b986a750

SHA256
84fce6a36a3f951cf7aba4eca9553eba155a11c02b174b160c6ce4bd28147604

SHA512
59f6c5ffd6ab17e1e6b7b0c171e06a38a15ad54d29ab5dd79475a42ea913d2f70d59d79dbcf40a7cad6079d79c7eb3b11b1ee0ef2d239c042320cedf090044cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\b6bbe8d9-3029-456a-82ed-401aee94d65b

Filesize
11KB

MD5
663c8e708d7abce56c2703e9a2ad091a

SHA1
558fbe36f1a6193fda3da62edb188560ac781371

SHA256
bd46382f7e8085a2acf3c458ba1c345cbccbb62160b4045312005a5537654b28

SHA512
b8a8b66850319f672c80c3b9e3f06d554833e8cea4063e09c4dc32504a0300fbf26c91644af2aa9cb6edb3fc097ae016978ff3c7b67163cc390bfe698a5f01c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\c5dfa65b-dfa0-47d0-ac79-d33b538bd76a

Filesize
745B

MD5
1c5ee9afb915920cd37c5be8eccc755b

SHA1
15ff9eb3716ccdb5333edea0642f431d07543d88

SHA256
61dcb8a8323d740bcf5ff9864dd8288baf377d74c8e320e246cd1348cf9d677e

SHA512
19096c22eea557aa7e5a2e351e9f88917875af36a8752f2a440560730e95784cb3546d935809be111071aa5d6ff6eff2ad3ca1d31c94f4dc4388fb2b64070f0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
6.9MB

MD5
3729d0362c86720e1bdde0f74198371a

SHA1
8b4e6bf757d336efe94eb8c9acf41b79b41573d8

SHA256
46843ac35e71c8f5b84f705329efbfad547f53ba7cdb82692a5c13fa3ed714b1

SHA512
758484f5cab7f2fcb39d394382629170dd68a8646de9832829817a36c6ef2ab8966f2d5930a2c23687c086e0ee2326387c1a80a072587309e8fa7a87d9df46f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

Filesize
7KB

MD5
74e8136356929043cbe9ae7a76ae3e40

SHA1
d2e85eef9bfd59d9ee3dd56a3a8b11a90daafee9

SHA256
e17644d055dc06d223f5be7fa19ed3dd069f9af25da942f84350d4bf0ef25ccc

SHA512
2a96ec26266cc35b91c27a332d32b2f8b8be206c89fc5b5de7a3a24300aa53f098802f624a7101ca5f7c540d1a471bc0b9201959e5d6732ac08a4fcd71e65e84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

Filesize
7KB

MD5
0a785b634f205167c780d9fb328cda34

SHA1
d87645fdeaec9290615a0ead9d54e61fbd3dd52f

SHA256
b1cab4127fad5f88f612347e30672bb607e4f155e4fa45e3c03e06da4603e89f

SHA512
bcb029805c66d0012b137fc0089305f394ac5bf10bd9ce1ff64d83ca48741ca58c19a49df079e48a2ae65ce1261b8c0a3481089c9dfe61aae54f9b34cf9d5502

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs.js

Filesize
6KB

MD5
abfa3b7a5604e6144167163eb112a83f

SHA1
d959e86e0745dc7d49691ed14032ee7f1af07d8c

SHA256
80b5d401c04fbb65a712dbc25d0624b2a11708e3781e126499465ec8a5fcafbd

SHA512
93609b6a586d2c616900e28c9635b2ad9fb41be42ce4ada5c65d1faa670b1f57d444ec7ba53e3a18fe3de3102c01a0048e73fc4676fead5d518d9aa12d3e01c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs.js

Filesize
6KB

MD5
12ea6f5d747244aabd5f0049a545bf1e

SHA1
b8d28940ba57d92258b9e38c08c49478c9ff4b1f

SHA256
48c92c7502db4c7d8217952fbef6a2271ea01c6ef59c8822e2c938e710ab6e48

SHA512
fc61ca8476583450b2ff8ccd28e70bd750d2dd13ec166dace9b76eed961fea913e4583bf25deaa96617b8ed9b226d8729b761c9b2aa536d89ecf4c008f19fe3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2d9c89bd3f966313bb4917f3cd7f30c3

SHA1
30f8da3e1b563fc1a2c4b126ed87148e466fa19c

SHA256
02fa865ecfc68ee111b26e35afc8def55fc956cb1289731c791d56219b3119ff

SHA512
2e3db8c38d2a70debf69ef118a1b7124471c4265d23df25959e87c31a24a5b4d35eb23b3bb7cf2537699097b64e7a7a19de820a1bd29bb33a64e0f820a960c9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
3dc733f51b6c47c0e57ae7035b9abacf

SHA1
d4c28a6f9d4bae9e297440a46726a2cb3e2504ba

SHA256
aafa700fb884f14becaf86a0eb9df79dfa15885b2ebe11cabe5f48a3a5d9e0e1

SHA512
e02670f6fa626a21ad150e0e0e589ba9f1f7a1fb921dc28f4117dc0a30a337b9c9b165dd0a30da864fe4dbdf130372e846648792a0bcf5aad4e8d28118101067

Download Submit