e81c2909d03fef18975ca6d55b02fc2625c91a7c7be7c6b7f3d6ef13f4f90fd1

Analysis

max time kernel
128s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 09:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

900KB
MD5

825348bb7726434ff5305218f04085fa
SHA1

40cc20d2ba108a48f72683b0d71f794be9e17617
SHA256

e81c2909d03fef18975ca6d55b02fc2625c91a7c7be7c6b7f3d6ef13f4f90fd1
SHA512

3bc84b6c0fef00fdee69df12d9c29704d49404c9a794d8c5d7ff6546be60e17dad495d4262272a56a8f867f86ab68bae301f3769dc69a6f0d8137eeb11602b4d
SSDEEP

24576:aqDEvCTbMWu7rQYlBQcBiT6rprG8aqA5h:aTvC/MTQYxsWR7aqA

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
4944	taskkill.exe
1564	taskkill.exe
4596	taskkill.exe
32	taskkill.exe
1824	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
764	file.exe
764	file.exe
764	file.exe
764	file.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	4944	taskkill.exe
Token: SeDebugPrivilege	1564	taskkill.exe
Token: SeDebugPrivilege	4596	taskkill.exe
Token: SeDebugPrivilege	32	taskkill.exe
Token: SeDebugPrivilege	1824	taskkill.exe
Token: SeDebugPrivilege	2524	firefox.exe
Token: SeDebugPrivilege	2524	firefox.exe
Token: SeDebugPrivilege	2524	firefox.exe
Token: SeDebugPrivilege	2524	firefox.exe
Token: SeDebugPrivilege	2524	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
764	file.exe
764	file.exe
764	file.exe
764	file.exe
764	file.exe
764	file.exe
764	file.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
764	file.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
764	file.exe
764	file.exe
764	file.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
764	file.exe
764	file.exe
764	file.exe
764	file.exe
764	file.exe
764	file.exe
764	file.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
764	file.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
764	file.exe
764	file.exe
764	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2524	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 4944	764	file.exe	82
PID 764 wrote to memory of 4944	764	file.exe	82
PID 764 wrote to memory of 4944	764	file.exe	82
PID 764 wrote to memory of 1564	764	file.exe	87
PID 764 wrote to memory of 1564	764	file.exe	87
PID 764 wrote to memory of 1564	764	file.exe	87
PID 764 wrote to memory of 4596	764	file.exe	89
PID 764 wrote to memory of 4596	764	file.exe	89
PID 764 wrote to memory of 4596	764	file.exe	89
PID 764 wrote to memory of 32	764	file.exe	91
PID 764 wrote to memory of 32	764	file.exe	91
PID 764 wrote to memory of 32	764	file.exe	91
PID 764 wrote to memory of 1824	764	file.exe	93
PID 764 wrote to memory of 1824	764	file.exe	93
PID 764 wrote to memory of 1824	764	file.exe	93
PID 764 wrote to memory of 2392	764	file.exe	96
PID 764 wrote to memory of 2392	764	file.exe	96
PID 2392 wrote to memory of 2524	2392	firefox.exe	97
PID 2392 wrote to memory of 2524	2392	firefox.exe	97
PID 2392 wrote to memory of 2524	2392	firefox.exe	97
PID 2392 wrote to memory of 2524	2392	firefox.exe	97
PID 2392 wrote to memory of 2524	2392	firefox.exe	97
PID 2392 wrote to memory of 2524	2392	firefox.exe	97
PID 2392 wrote to memory of 2524	2392	firefox.exe	97
PID 2392 wrote to memory of 2524	2392	firefox.exe	97
PID 2392 wrote to memory of 2524	2392	firefox.exe	97
PID 2392 wrote to memory of 2524	2392	firefox.exe	97
PID 2392 wrote to memory of 2524	2392	firefox.exe	97
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98
PID 2524 wrote to memory of 812	2524	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:764
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4944
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1564
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4596
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:32
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1824
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d8251a6-d753-4bd6-a94a-067e0a837d4e} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" gpu
      4⤵
      PID:812
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28c6ed9b-b8ad-44f1-b4ff-eff7587f9f8b} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" socket
      4⤵
      PID:2520
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2712 -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2608 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1208 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a2f0345-28b2-4f1f-8337-e502b74f82ab} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab
      4⤵
      PID:2068
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3944 -childID 2 -isForBrowser -prefsHandle 3832 -prefMapHandle 2572 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1208 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e56ba6fc-60f6-4c3f-a092-d96b4c50afae} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab
      4⤵
      PID:4432
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4544 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4732 -prefMapHandle 4728 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d46fbbda-5137-4f80-80e3-e8360cd8d959} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" utility
      4⤵
      Checks processor information in registry
      PID:1964
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 3 -isForBrowser -prefsHandle 4588 -prefMapHandle 4668 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1208 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45dd136a-947c-4a44-aeb9-aeb8232bdba9} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab
      4⤵
      PID:1012
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 4 -isForBrowser -prefsHandle 5660 -prefMapHandle 5656 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1208 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4a18492-121a-4620-aefd-694642318611} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab
      4⤵
      PID:4776
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5848 -childID 5 -isForBrowser -prefsHandle 5768 -prefMapHandle 5776 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1208 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {263f151e-d730-424e-8d68-eb798763c6d7} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab
      4⤵
      PID:3860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
a6f83b830238ccf3f4102b41b788126d

SHA1
23886470a3316d52dd10e0a6e80ba5be5e22d273

SHA256
c6b59c11e47f56641c391ad83734396bcdd53daad13a88ca802d3f3051eb3504

SHA512
f423a5724e5b0295d73de4e61866d2d329261607fed01a7f2a19a7de99e809b69fd338913e945b6fe83a2580b186314e8f53278e0a67796342d25cc16915a9c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
fef9081524684caa10a5aa1e46817f90

SHA1
7418cb33efb98cc936a82fc9807dbe9b6c9cc4b8

SHA256
695f231563ead4105b8443ef54cfb580b6daa845ad892e49d80a3ea44d4740e9

SHA512
4216246a3708008816c3580a681355781276f541bd9af52155c38cd3e299bd2dd7dffba706878755f9fe52aa48633840af0d001cc27f1d8e4c4ebe7ca88ece89

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

Filesize
10KB

MD5
7e321204c8c6bbe95ed9aad1625792eb

SHA1
b9299a358f1aafe23f8b847a350f562a0fef9748

SHA256
918c409831993d85f9247286368258d40b427a1067b28e5d238897dee571fce5

SHA512
315bcf86d097dbc05b8293c044852f3423deebad3f79c31e0383582600650a957b3ce50bd853a3b25e54fc94853a8b483b547df45ebbcb178d05136f301900e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
854528dbf962078046fe0902061bf209

SHA1
06e572cb5c55125cc3f634cb161048bda1fc5e5d

SHA256
962928cb35e28b46cdd22635452dc81839498b8f8b5fcbf08bd2d2f7ee9288ad

SHA512
66bd67188bbfc8c6f49756a05637d0766ab22a77f64b1b5b15e1c292a1aab869e28749ae8be068c453ac04f8b0e6380879faeb100f38a3370b2145b4b5016d09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b40b8981b39f500686baeaf90b83adbb

SHA1
2aaac0866965f6c9e5d49c2423143011199ae03e

SHA256
b17d31e61478144424e8f31670d656f6249c7d29106321d45b0d09800e2e094b

SHA512
a236d27bfa6e1fcbd2a26d5222fb7bbe36b42cf621dc9b88a4b6d587f8fb157e54d63b8bbb8567aa595d95d5c776f20d8feef8ba8d2c12bef4e781d8eaab88c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
a2394eeec03f540211d956037c11f34f

SHA1
812e03960fc563fb0bd05924d5a06e99b7cebcef

SHA256
637f2c6aad8d840e2800a6c091f73e34f2e2a850df9b8145cdd534e96c1f400b

SHA512
4ea0155fb211ce971af75b99410e8b3a26ea9e5a0f33ac46c16230b880b8f34eb547c743d917efab057fdc9b093e2d0801158aaaca2ceb8ef964b6bf32c81d5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d76521f96cb615f1423e6d408f13475f

SHA1
da8a6db82ec187738b75f1a135ccb61825cff043

SHA256
b928c5d02183154f358e39af651996fa6be84c5f4cbbefc9aad83de545ee1cf7

SHA512
eb6e06e50894564a3e7753eacd76e463554a782cddb05009d5900ebae5ac3a734f06b87df3a84c2e651d7bc149baaed845d763be128bce24dae5e6806ddd32a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\08dcbfce-1b76-4abd-b657-dbd68401c915

Filesize
982B

MD5
3745a07850f2c97657fbefe0b1efef4e

SHA1
aa88886e6a9e32ebeb919f9bedf266230c6f842e

SHA256
eeb56107425984046971882cd046780908262d3f5aa8b0f6b0b47ad064284a26

SHA512
cd8160459cc80d47b9dee4e8d759fe4c5e2755c01e67c8ab99c884f3724adcdaf45b65be81929cd283750e16368d1659701d6fc81e9e0fb2443332678c87911f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\26341d51-4a25-4002-bc92-0411ac50ed73

Filesize
671B

MD5
51d5735792cf73fb315497ecbb8c7c4f

SHA1
88a7119b7a7373764885b7762c7a3105c5adbf22

SHA256
5371402c7e0ca445e2e21d4ecaa0c820430ffbe23348e0621dd5f3f72aeaa4a5

SHA512
583defe63acc11568cb3ef38935b1ffbefdc71a059b37f216a6ba6d7367e2f57ca0dc76517d828982e1256d09b72ab0734a406baf421df1b4728073a0d473065

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\d9319d44-d003-4ce5-b988-46b00c8fb544

Filesize
27KB

MD5
c93cc266c0d967183c0ec4610670f0de

SHA1
9016305ba5b9460477dad8dd659ce089d490ad65

SHA256
afdac5132e8990c4581cb9f83fb8ec5456d1604bfb663021f4e20196a3c567d0

SHA512
aab946e0de6e5dc9c35181d5a3e960b7064290c85798431572a3dbff7f9cd0574648d1fe1e58faa24919a5de4daa20f749f9450c2a7cf62b0691889d2095b017

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
12KB

MD5
88a3abed6d66f67a8e10060a305bd664

SHA1
7497e7e1a403eb0e4e195dbfa779ff43dc59efb2

SHA256
22432f32723d1cbf702ac254bb121caec4635cfe4f3a682b741d1fa8702c8e8c

SHA512
8cc0f79a9e4da4d0fdab44de18ce7535418cbd34462af9d81b88fefe039cf405eb5890b865032d6ea297b161ef97904d6e2623013fce0d8a7c5518980269418a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
15KB

MD5
bcefaf909035ccdfff546f08a84a4fba

SHA1
9e35b255468f0ccdd7a4f73ad5c29ca3733f1b90

SHA256
ceba0c803c515ce9d22ba143e92ec606e4e2aff54941d4dec64eb9fb93857a8c

SHA512
2995af48279217f8446e9a8125fe36810e91f4c647accb6d33d2bfd3d202d4ed120a07d18d52be48372568acc53bdc28d6961b8aee1d41a472c37d6ac5f92647

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

Filesize
10KB

MD5
64ccb81d7f83a15349ee831976ff3791

SHA1
b46fd9954cef82008f65cf5e13090700bf5150e8

SHA256
838a512eec19b89a259849ba6ddec63955c30f18fa7abbcaa75f27e4482cd416

SHA512
dc2001e6cf98d48daa4ccf979f41ccfac86b194e9a749d2b09fd70ee4fece319cfd3a9f9a48186d338208803df37f7db3cdca7baec5a84576f9d323e5d00592b

Download Submit