b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127

Analysis

max time kernel
123s
max time network
144s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 09:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
Size

900KB
MD5

9e9aac3c17da1438dd0ef6153530fbff
SHA1

c5d191ac45dc43ce2a71407897098240f172f3ca
SHA256

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127
SHA512

251666aa4c05468ccc6f6f0eec34a986c56b1c26d768c49019a6100a7c6c8fab70409acebd6d412daf689a619b234b103c4ab16a77760c0426dad3c549e51bd7
SSDEEP

24576:SqDEvCTbMWu7rQYlBQcBiT6rprG8aU1o:STvC/MTQYxsWR7aU1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Kills process with taskkill 5 IoCs

evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid	Process
1948	taskkill.exe
2708	taskkill.exe
2572	taskkill.exe
1844	taskkill.exe
2592	taskkill.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe

pid	Process
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exefirefox.exe

description	pid	Process
Token: SeDebugPrivilege	1948	taskkill.exe
Token: SeDebugPrivilege	2708	taskkill.exe
Token: SeDebugPrivilege	2572	taskkill.exe
Token: SeDebugPrivilege	1844	taskkill.exe
Token: SeDebugPrivilege	2592	taskkill.exe
Token: SeDebugPrivilege	1796	firefox.exe
Token: SeDebugPrivilege	1796	firefox.exe

Suspicious use of FindShellTrayWindow 14 IoCs

Processes:

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exefirefox.exe

pid	Process
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe

Suspicious use of SendNotifyMessage 13 IoCs

Processes:

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exefirefox.exe

pid	Process
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exefirefox.exefirefox.exe

description	pid	Process	procid_target
PID 2240 wrote to memory of 1948	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	30
PID 2240 wrote to memory of 1948	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	30
PID 2240 wrote to memory of 1948	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	30
PID 2240 wrote to memory of 1948	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	30
PID 2240 wrote to memory of 2708	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	33
PID 2240 wrote to memory of 2708	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	33
PID 2240 wrote to memory of 2708	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	33
PID 2240 wrote to memory of 2708	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	33
PID 2240 wrote to memory of 2572	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	35
PID 2240 wrote to memory of 2572	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	35
PID 2240 wrote to memory of 2572	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	35
PID 2240 wrote to memory of 2572	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	35
PID 2240 wrote to memory of 1844	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	37
PID 2240 wrote to memory of 1844	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	37
PID 2240 wrote to memory of 1844	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	37
PID 2240 wrote to memory of 1844	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	37
PID 2240 wrote to memory of 2592	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	39
PID 2240 wrote to memory of 2592	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	39
PID 2240 wrote to memory of 2592	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	39
PID 2240 wrote to memory of 2592	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	39
PID 2240 wrote to memory of 796	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	41
PID 2240 wrote to memory of 796	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	41
PID 2240 wrote to memory of 796	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	41
PID 2240 wrote to memory of 796	2240	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	41
PID 796 wrote to memory of 1796	796	firefox.exe	42
PID 796 wrote to memory of 1796	796	firefox.exe	42
PID 796 wrote to memory of 1796	796	firefox.exe	42
PID 796 wrote to memory of 1796	796	firefox.exe	42
PID 796 wrote to memory of 1796	796	firefox.exe	42
PID 796 wrote to memory of 1796	796	firefox.exe	42
PID 796 wrote to memory of 1796	796	firefox.exe	42
PID 796 wrote to memory of 1796	796	firefox.exe	42
PID 796 wrote to memory of 1796	796	firefox.exe	42
PID 796 wrote to memory of 1796	796	firefox.exe	42
PID 796 wrote to memory of 1796	796	firefox.exe	42
PID 796 wrote to memory of 1796	796	firefox.exe	42
PID 1796 wrote to memory of 1952	1796	firefox.exe	43
PID 1796 wrote to memory of 1952	1796	firefox.exe	43
PID 1796 wrote to memory of 1952	1796	firefox.exe	43
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44
PID 1796 wrote to memory of 2356	1796	firefox.exe	44

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
"C:\Users\Admin\AppData\Local\Temp\b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1948
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2708
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2572
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1844
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2592
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1796
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.0.714143533\1039194009" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {029b4c33-6950-4074-a870-ac7d33b96e30} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 1300 101cf558 gpu
      4⤵
      PID:1952
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.1.1338077561\2142898125" -parentBuildID 20221007134813 -prefsHandle 1464 -prefMapHandle 1444 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {110f46e7-b960-4165-b58e-bb0ddc6e85de} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 1492 d71e58 socket
      4⤵
      PID:2356
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.2.1338949967\1419276285" -childID 1 -isForBrowser -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {718ca97b-d1e2-4153-bd4d-e227f713d105} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 2172 1a268b58 tab
      4⤵
      PID:484
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.3.1434868346\760669258" -childID 2 -isForBrowser -prefsHandle 2836 -prefMapHandle 2832 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c6dbf9f-b335-4878-aa7b-348f16c525ff} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 2848 d64258 tab
      4⤵
      PID:1876
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.4.2041497536\1785401573" -childID 3 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {adac18cd-34f8-42df-ae5e-24cf86234199} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 3576 1f77b458 tab
      4⤵
      PID:2544
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.5.1227283559\1348777419" -childID 4 -isForBrowser -prefsHandle 3756 -prefMapHandle 3640 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67d6733d-3f43-43a8-9a43-927fc194123d} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 3744 1f77d858 tab
      4⤵
      PID:2624
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.6.1132910336\1590771797" -childID 5 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29063d63-bd0e-4a06-be92-72018dea2a81} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 3944 1fc04a58 tab
      4⤵
      PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\activity-stream.discovery_stream.json.tmp

Filesize
25KB

MD5
040cddf9d5083052ac6fe1561153c545

SHA1
ab4891e0b3d3efcccd49461d2e89db0a5efe3db2

SHA256
95eacfd87a4d4fc180c1ac0901baced67f5f556a3939d69b65001b4233280a60

SHA512
1763e9f215a5546b26570e2b0e81b3c657a6b7c418743ea7f5b5dca84a7a679bddeb84dc8a58bd082f6a5dedcdd0027a154e33e55d39c71d5838de328d192702

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
13KB

MD5
f99b4984bd93547ff4ab09d35b9ed6d5

SHA1
73bf4d313cb094bb6ead04460da9547106794007

SHA256
402571262fd1f6dca336f822ceb0ec2a368a25dfe2f4bfa13b45c983e88b6069

SHA512
cd0ed84a24d3faae94290aca1b5ef65eef4cfba8a983da9f88ee3268fc611484a72bd44ca0947c0ca8de174619debae4604e15e4b2c364e636424ba1d37e1759

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
4.4MB

MD5
7d238c2cfe4f9f5a32da78c1ceac1a68

SHA1
109565a79e683408351aa34034bbdcfd4fada8f0

SHA256
07c403c54706c2007025753549c252616c8badc2f68438390f26f338fe1203b8

SHA512
10e626dfaea939e2050cdc36648580caf46c03e2f878c033d6f7b2c0e4190100eb5b6a9448301d39977abe563c96feeb07875ddd65f7104a6c574514d0b60234

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
61ec6fdc910063cd3df6626ef228c0af

SHA1
80f3f2f26d603d4f26ed32d72aaa8e92f77ffceb

SHA256
1a5b1db9394d012966f9ebeb0292ced9b12a5f032b83da607194afea49746bd8

SHA512
e32e04394ecf039e4a75cfc3cd2ab3eee1a50ef372e75fdd119ff34b9d83410928c2b1d7f8ffe0c0ce851e4a3677117bd8ee04402ce0e316381bd64250872e58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\880ea698-f2da-4006-8bf7-0b35a9111351

Filesize
745B

MD5
e33908a743c9180ee8c264acc539f009

SHA1
d7fbbdb40d669d83a3d451f31b140256c7dc9b73

SHA256
4480058772d5ea4025c1f1e8387016d49d969178e53b545d2518e9047a291c16

SHA512
6323edbdae2b3d9c49987a22b25904b9ffa89c113011c4dd543ba664ef675d8be9df38fc759c186d7f1b5b0f45b0471ca895cb8b32cd093a29105f7ebc58ee7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\d05aa118-9aca-4204-8eb5-76441debb10a

Filesize
11KB

MD5
30fcb0852c952d8e7abd01ecbb368ef0

SHA1
ea5e7891fd0844c6a1247337fc4e23e303b59088

SHA256
d51d4e07c6b349c1b1de66cb0045fbfb02caca4cc396f93fa93daa9991c54124

SHA512
793641a3f434ff38d6bced8bde5c511bbab0ee3d64c93375f4a2e741f8562a1122028a528daff045be917a1088599e462fa3ebbde2dae0347e873b1eb4ebcee7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
4.1MB

MD5
4f60062d3ee8f11f7d7f12493b18c1dd

SHA1
eaa4ba51bfeb3c49e13fa256cf616464c465db85

SHA256
7329fe731c08612d1811ec6f8091ab8ef8f86aa3edd42ed3eb744c7c1aa38294

SHA512
79f9aec12c1cce7e696fc5d9ef704eed43caab2416001ec3a9efc7a180d6a1067ced363c2d6cce1d4b76f35bc34baf57a61f4fe527da82d3fa16d316b80a5838

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js

Filesize
6KB

MD5
19024b38121b950aee0d9129a2060849

SHA1
2c4a10b4aa376fa79afabb38dbe1946803c2e1f8

SHA256
a2dd172111e811c2f947d4808c72b27f4d416af83c33fe08a4ee0527791d7582

SHA512
8b00680a58b65c4b80302fcef0f464300da7d6df234f8f68dacc59d7a7fea1df80c35a357146ca8df9a595093c5a55273df39b4961b4bf97983781e8e33e9b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js

Filesize
7KB

MD5
2b3ec375330f8b562b5d032dc72731fa

SHA1
40e3ea400fd937b30b3a4c380619682f99aed75f

SHA256
1d56928d383a93a1e21cf2a01a2f8333fd069007e225c4cc34c873f5bb470e2e

SHA512
642f213bfbc35142b7af875f841b34f74c07676d8d6d47a02b1707e53f02bd11eeac270699c1c462f39331cf4a878e344f168b370d66e7cabf2085bf940c723d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js

Filesize
7KB

MD5
5226015c4524acebaa3e478ebdb1c057

SHA1
5ca33e9616511a2e74e4892134478bdf1d5ef0ab

SHA256
71768ae5b9895d88bd9f21e3871d2916eb3822529c94e23cfb3e7bc87cd6bf1e

SHA512
4ed1d40519959335ce02ee2114b9b0bffb0dab01f70c88bb12480e48a5d4d5ce55268458cabe9deb9fd1c0ed1ebe4e48045004b0422380be6d1127eebf44e5b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
345a1a4bf55e8d2b739d1a590e098482

SHA1
5072a7eb942d90a5e45f2e78ed575323488e339c

SHA256
21b2cf665031a7107dcfc8d8b51067e37f73cf61b4214035844a0512e90ccb10

SHA512
f461ac6b0e25c32bae8f637540499e8615b4397086bfafa7e570bdd1abc904d0418ecee35edb6b6c88e77c563c39b826fd425ce3b8d97c016f3fe1d522720550

Download Submit