e85069cf3df6f629435808fa11dc054609e3de054c12314a4bb87a8ea3e853ad

Analysis

max time kernel
126s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

901KB
MD5

a946e9443c4fbb7cbfbca8667c099696
SHA1

85a6507e2ff6ed26724ca6dce2842b33dd97ef8e
SHA256

e85069cf3df6f629435808fa11dc054609e3de054c12314a4bb87a8ea3e853ad
SHA512

bbfa6b31b192bbeae2a13daa8ef41537a604faa7395c762ccf3eac00b6c82ffffc6c943e67127a7d41bfb591a555aac26dcbae96baef01d0716f595bac496da9
SSDEEP

24576:iqDEvCTbMWu7rQYlBQcBiT6rprG8aob4:iTvC/MTQYxsWR7ao

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2132	taskkill.exe
4408	taskkill.exe
316	taskkill.exe
516	taskkill.exe
1916	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3516	file.exe
3516	file.exe
3516	file.exe
3516	file.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2132	taskkill.exe
Token: SeDebugPrivilege	4408	taskkill.exe
Token: SeDebugPrivilege	316	taskkill.exe
Token: SeDebugPrivilege	516	taskkill.exe
Token: SeDebugPrivilege	1916	taskkill.exe
Token: SeDebugPrivilege	3236	firefox.exe
Token: SeDebugPrivilege	3236	firefox.exe
Token: SeDebugPrivilege	3236	firefox.exe
Token: SeDebugPrivilege	3236	firefox.exe
Token: SeDebugPrivilege	3236	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
3516	file.exe
3516	file.exe
3516	file.exe
3516	file.exe
3516	file.exe
3516	file.exe
3516	file.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3516	file.exe
3516	file.exe
3516	file.exe
3516	file.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
3516	file.exe
3516	file.exe
3516	file.exe
3516	file.exe
3516	file.exe
3516	file.exe
3516	file.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3516	file.exe
3516	file.exe
3516	file.exe
3516	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3236	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 2132	3516	file.exe	82
PID 3516 wrote to memory of 2132	3516	file.exe	82
PID 3516 wrote to memory of 2132	3516	file.exe	82
PID 3516 wrote to memory of 4408	3516	file.exe	85
PID 3516 wrote to memory of 4408	3516	file.exe	85
PID 3516 wrote to memory of 4408	3516	file.exe	85
PID 3516 wrote to memory of 316	3516	file.exe	87
PID 3516 wrote to memory of 316	3516	file.exe	87
PID 3516 wrote to memory of 316	3516	file.exe	87
PID 3516 wrote to memory of 516	3516	file.exe	89
PID 3516 wrote to memory of 516	3516	file.exe	89
PID 3516 wrote to memory of 516	3516	file.exe	89
PID 3516 wrote to memory of 1916	3516	file.exe	91
PID 3516 wrote to memory of 1916	3516	file.exe	91
PID 3516 wrote to memory of 1916	3516	file.exe	91
PID 3516 wrote to memory of 5116	3516	file.exe	95
PID 3516 wrote to memory of 5116	3516	file.exe	95
PID 5116 wrote to memory of 3236	5116	firefox.exe	96
PID 5116 wrote to memory of 3236	5116	firefox.exe	96
PID 5116 wrote to memory of 3236	5116	firefox.exe	96
PID 5116 wrote to memory of 3236	5116	firefox.exe	96
PID 5116 wrote to memory of 3236	5116	firefox.exe	96
PID 5116 wrote to memory of 3236	5116	firefox.exe	96
PID 5116 wrote to memory of 3236	5116	firefox.exe	96
PID 5116 wrote to memory of 3236	5116	firefox.exe	96
PID 5116 wrote to memory of 3236	5116	firefox.exe	96
PID 5116 wrote to memory of 3236	5116	firefox.exe	96
PID 5116 wrote to memory of 3236	5116	firefox.exe	96
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97
PID 3236 wrote to memory of 2268	3236	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2132
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4408
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:316
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:516
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1916
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3236
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1640 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4906a4f8-e1f6-4f8b-ba13-819d23e0fb5e} 3236 "\\.\pipe\gecko-crash-server-pipe.3236" gpu
      4⤵
      PID:2268
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2384 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b755113-7d31-458e-8cd1-8aebc5e009e5} 3236 "\\.\pipe\gecko-crash-server-pipe.3236" socket
      4⤵
      PID:3840
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 1 -isForBrowser -prefsHandle 1412 -prefMapHandle 3104 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {215c2bf4-6b98-4a61-9071-a61f1d052d82} 3236 "\\.\pipe\gecko-crash-server-pipe.3236" tab
      4⤵
      PID:3244
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3668 -childID 2 -isForBrowser -prefsHandle 3856 -prefMapHandle 2764 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37d67981-e1b8-4924-ab7f-d0e3108396fe} 3236 "\\.\pipe\gecko-crash-server-pipe.3236" tab
      4⤵
      PID:4396
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4708 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4736 -prefMapHandle 4732 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1142f431-483f-4ca3-9d1e-5067387cba77} 3236 "\\.\pipe\gecko-crash-server-pipe.3236" utility
      4⤵
      Checks processor information in registry
      PID:4424
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 3 -isForBrowser -prefsHandle 5640 -prefMapHandle 5636 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79e9891f-77ce-4796-8e22-30b33b2b4f06} 3236 "\\.\pipe\gecko-crash-server-pipe.3236" tab
      4⤵
      PID:3572
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 4904 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7efa90e8-86f5-4c75-84b2-4865a07ef70e} 3236 "\\.\pipe\gecko-crash-server-pipe.3236" tab
      4⤵
      PID:1168
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5936 -childID 5 -isForBrowser -prefsHandle 6016 -prefMapHandle 6012 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {872d3663-02a1-4eff-aa3d-0ef07f4fc831} 3236 "\\.\pipe\gecko-crash-server-pipe.3236" tab
      4⤵
      PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
d87833bc2863fbfb2280d6303f980fbe

SHA1
38a5cc42685934181bc1671dc3710c10e90a27ec

SHA256
068eee1dbedf31120cf5507aba92ff1cf9d77409c52cf0660bbc2b9a4ceb662a

SHA512
b39ba99c8191368465e9c3d8b3d5a7d65965f47d6d7c0fc832b23ff4ca91d1e5095f3a578e5917339f8f5710f529fa6ceb335ed0b65e455c52ce378a28b74e77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
4e169fcda7dfbb36611a6a47424ece54

SHA1
c8d73d7666d729e437053609ed9e1399cf45b018

SHA256
824863eef2fadab74cd84e7ad9b9c68073c0117809820860ad8a19ba5fdd547d

SHA512
446cb88b3192b1e0a31be8a1caa3e0ecc2bd96b41b8aeef5149360d2236187c7aeae6a696d0895e6f6c02c242d13d1c3a38fea8d92a405296f5cd18cc1b3e500

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
8KB

MD5
9b76197d3cbf133464d7cf348cca8ac2

SHA1
378025bfa0295f20b5538cbd41da4d02a1810bff

SHA256
de46d443245cb65e4d20af48f615bae45da9b93c50ac0315fe557f0a1e966471

SHA512
1b6b6e4eb1c050eedcf88413a7617af3840fea813b4c65a169b72140466abf19ddaaa4de9e1add6eee869db0df8e6c9f309a00650d1b0dd50dfa4c9f4f2f3ef8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
18KB

MD5
7e4d938448b2c0193c3d52e34dde7c60

SHA1
3cd76ff05bdf41f6f1bfff71a54b0e55c0a77983

SHA256
0eb9a0af090dac2e23f59b493c09a453d63da73b6a3ce1ed8362ccb0ff7b80af

SHA512
0dd43004b62d040b1733f1bb8fac8ee2830dbe49f7e669bf4100d85117bef66e5682f4f59fb33f43a828ccd4a5dbb23c1bc9119344e6a43bd314368a4a31a325

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ca76057798966cc76b77373ccb0e25d8

SHA1
5b98565ab130d792635718b5fbbf21673c1baf91

SHA256
630f6b0d45fdc259b4ffba0e7709105b214938210e90477507afc4a37468a77a

SHA512
6f4e9b1fe6403546ec910019dcc2cf658243778d90f385ab2e5ac58dd0fa81c6796a055a86588b1b52c721d6ee2fc4e22fb85f069c851a2679ad8f2f300aeebf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
0a4f326dde9837822264b77afabe5920

SHA1
bd203920fb5beec8cde5b70617e4c4b44a3916f9

SHA256
c1a1ee10cedfeeec22748827d60b190b22da9909d9bfa62c87febf2f24def008

SHA512
e42b4e9f3f35a41b62f8bfb78a09e3b7d0856f585864e594728a7c531a76d811417d62558962b0e434a3157a52a3cb3cfda6266a92a363996d7472fc409597e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
dd4410a0c2c5c0453f399c2002e96528

SHA1
548c631f42ee6ea9ca9301b5b384f2216cb2f0cf

SHA256
14fe001eaae324f4cf057a12e5d0322ebf23984b7697b432e56c0cfc5e5a4d1d

SHA512
0088b3def3ff2ea60e2e57147848643bba98ead6b746631a9b2ff9a7a5273a6c3a351866dfc75627314249fd5f34f4d18272788b7746b9bfb175abc060e8db39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\b55cea47-10e8-412c-ba53-7f04418382b2

Filesize
27KB

MD5
ac7f8068510252c5e0ddf0704153fcee

SHA1
7d9e0a221906299d558cc5dfed1b6ad55a651fad

SHA256
3227051a8e35496d88c784af13530e88fc1fe6c3353762a09b786cc3c0bf414b

SHA512
192e9cced083015fae1a0b28a0be88209bae82eebc58f19909705542a29b32e7052d73fca6b08f8c0bbddbd5849d13cb32b71c092e4b2986b5e7fb844e3b5672

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\d62ca2ba-2a6b-4abb-b4f1-f2e4d1900186

Filesize
982B

MD5
3b9823639d290e2b1dbb68da99a94792

SHA1
223240e6f1904034b2575c390ac439448303037e

SHA256
e4bad7f0580d945855d0f76735dd9d527b8dad691664e3a569c4b304d27e8763

SHA512
913a3a124f09590affb307703fed375b25756e074436a81429f0d072078f897eee1afa34aace0c81d2b096fd203a19e2126b7d13b12c59c03edb5a9536f8ed1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\de0b2e7c-281a-4023-a2f3-d9e6c5c5b346

Filesize
671B

MD5
7f8ce7138b87a02293f63ed8a540206e

SHA1
c0537b884264c5863eec8e5649908fb86cb1200f

SHA256
a6c176fe1efdbb28757876fe7fc405a3536c4b88101ae8732a061f5c10d52c19

SHA512
b6d4009d3d18a5b8e3480d342d5b7223e3a01122321adc9916d2c966ec22891dd8a654939b9f3897763dc063437ad626b02c76f5cec3f4b781fdf239956e3ea9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
11KB

MD5
a3275699ea651f5e4174e5abc6188fee

SHA1
b271c03d2c4eafabb0510163dd1e92a0176fb31c

SHA256
57f2e450ce6d5b1b8c32a8bb6f2942ed590c5887a8c57bd62966c0e8bdea5c97

SHA512
2b625a90acda8dcb6c15b08361818dd290de8d31955a031bdba9eb9123ef1624ac68b9074b405d91211201a63ac5035bdf2d8921f9fd5cd309b2d94413325aac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
15KB

MD5
0f5a174cc99d424f2565bcd3a2d709e9

SHA1
e57498472bb8aa33a438c9cd186a42b2575837fe

SHA256
c84e514d106f63f1db418fe2b20fa957c50c1cb924c9ca8d5ec68597abef2160

SHA512
c66f23955757b9adaff465ab2f6689a996c4b7503acc7f2e7376b16cf337d00d0d18bf65b809a71dd5a93057ccc7b13f3ebef69b5986c608578f14faa74d1d3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js

Filesize
10KB

MD5
ad9e314872503639519ca675790e8afa

SHA1
ea9f0bd3db1c8cfdc0baf92d812e862267b61d61

SHA256
e73b660fda3e4d63c15463f860213c8b59ab7d89d18fb6cfaf5fe914482bee92

SHA512
225ff58a9b0ac0257b34cb56d89e509d17891410f3a935f3e431f2fd73debe3f45ee6776804455672770292e15532fe2b611548e398f65ee24a9318a9678feda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js

Filesize
10KB

MD5
ece7e026ae0044af1025626687f3ef1a

SHA1
39410da0104cc7749a67fae371bd8ace5177aebc

SHA256
7e6631499212235cf55231ff8d4ba1fbd8e203410bbcd644238edda1552ad973

SHA512
ba22138c079d298e5eae5c1ff69c2a41389250bb74a7a7b999629c6408bdfb25e84fc18f3c1df69b7728f3389ea3c0833406630f54f20581012091648b17c2e0

Download Submit