0a80bf68485be42bacbdadae87992c162fac7cca497b06666bbe34870c9dd025

Analysis

max time kernel
127s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

900KB
MD5

000f6a67464f429ee855358ddadb9f3d
SHA1

cfc0be7773e578abe007bbe5c7106f6770a4685f
SHA256

0a80bf68485be42bacbdadae87992c162fac7cca497b06666bbe34870c9dd025
SHA512

f8ca3d938752e626c5551bf4008f20fb3cc5610acf078bb9a3542e8386636a7b59f14cd6b9e0b020fa508c68dc3ce8e0efe2c4e99e100db32946835b298f365a
SSDEEP

12288:VqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaATM:VqDEvCTbMWu7rQYlBQcBiT6rprG8aYM

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2120	taskkill.exe
3536	taskkill.exe
2388	taskkill.exe
1216	taskkill.exe
2288	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4120	file.exe
4120	file.exe
4120	file.exe
4120	file.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3536	taskkill.exe
Token: SeDebugPrivilege	2388	taskkill.exe
Token: SeDebugPrivilege	1216	taskkill.exe
Token: SeDebugPrivilege	2288	taskkill.exe
Token: SeDebugPrivilege	2120	taskkill.exe
Token: SeDebugPrivilege	1512	firefox.exe
Token: SeDebugPrivilege	1512	firefox.exe
Token: SeDebugPrivilege	1512	firefox.exe
Token: SeDebugPrivilege	1512	firefox.exe
Token: SeDebugPrivilege	1512	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
4120	file.exe
4120	file.exe
4120	file.exe
4120	file.exe
4120	file.exe
4120	file.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
4120	file.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
4120	file.exe
4120	file.exe
4120	file.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
4120	file.exe
4120	file.exe
4120	file.exe
4120	file.exe
4120	file.exe
4120	file.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
4120	file.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
4120	file.exe
4120	file.exe
4120	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1512	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 3536	4120	file.exe	83
PID 4120 wrote to memory of 3536	4120	file.exe	83
PID 4120 wrote to memory of 3536	4120	file.exe	83
PID 4120 wrote to memory of 2388	4120	file.exe	86
PID 4120 wrote to memory of 2388	4120	file.exe	86
PID 4120 wrote to memory of 2388	4120	file.exe	86
PID 4120 wrote to memory of 1216	4120	file.exe	88
PID 4120 wrote to memory of 1216	4120	file.exe	88
PID 4120 wrote to memory of 1216	4120	file.exe	88
PID 4120 wrote to memory of 2288	4120	file.exe	90
PID 4120 wrote to memory of 2288	4120	file.exe	90
PID 4120 wrote to memory of 2288	4120	file.exe	90
PID 4120 wrote to memory of 2120	4120	file.exe	92
PID 4120 wrote to memory of 2120	4120	file.exe	92
PID 4120 wrote to memory of 2120	4120	file.exe	92
PID 4120 wrote to memory of 1944	4120	file.exe	94
PID 4120 wrote to memory of 1944	4120	file.exe	94
PID 1944 wrote to memory of 1512	1944	firefox.exe	95
PID 1944 wrote to memory of 1512	1944	firefox.exe	95
PID 1944 wrote to memory of 1512	1944	firefox.exe	95
PID 1944 wrote to memory of 1512	1944	firefox.exe	95
PID 1944 wrote to memory of 1512	1944	firefox.exe	95
PID 1944 wrote to memory of 1512	1944	firefox.exe	95
PID 1944 wrote to memory of 1512	1944	firefox.exe	95
PID 1944 wrote to memory of 1512	1944	firefox.exe	95
PID 1944 wrote to memory of 1512	1944	firefox.exe	95
PID 1944 wrote to memory of 1512	1944	firefox.exe	95
PID 1944 wrote to memory of 1512	1944	firefox.exe	95
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96
PID 1512 wrote to memory of 3892	1512	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3536
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2388
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1216
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2288
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2120
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1512
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e193736-5970-45cb-8080-fd4d7096eaac} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" gpu
      4⤵
      PID:3892
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2416 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16f2ebcc-995b-484f-9941-59c7bcfb367e} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" socket
      4⤵
      PID:1324
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2788 -childID 1 -isForBrowser -prefsHandle 1444 -prefMapHandle 3012 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32bd74ed-ac7e-4d8a-a39d-be7e8778754a} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
      4⤵
      PID:2772
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 2700 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32734fac-41db-40ad-afd1-0ff6c3883fd8} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
      4⤵
      PID:2872
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4508 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4520 -prefMapHandle 4384 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58bcf5e5-39f5-403a-b217-efef106407b0} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" utility
      4⤵
      Checks processor information in registry
      PID:2388
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5352 -childID 3 -isForBrowser -prefsHandle 5344 -prefMapHandle 5340 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22f0b052-917c-4cf1-8767-03af5aedaf0c} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
      4⤵
      PID:4912
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5484 -childID 4 -isForBrowser -prefsHandle 5492 -prefMapHandle 5496 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d2f0dc6-b482-4369-9979-9e1283d02af6} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
      4⤵
      PID:3612
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 5 -isForBrowser -prefsHandle 5680 -prefMapHandle 5684 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a343210b-1071-462a-a030-a1472061ad3b} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
      4⤵
      PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
1c3da36943d8305b1c96815863a9b78c

SHA1
60e7472071df5d4950d405ebce13b6fe8d57c051

SHA256
2e4d1d4d8907ef455bc654ec72464356d82660b3ab255fd31920da34367809a3

SHA512
f5ac9e50957768660a7fcacbc2a75247354dca8ad27ccee74396ee6ed151d7ab7f6f076d5237640c2cd59adfd18c21717c120e599bd296381cccacc9b12fbc62

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
69a2e640be36f3162d4bcfe0db9cd557

SHA1
114fda93f146f26025af4a5a10597c0c17b76e24

SHA256
b0845f4542cde15b85be800269a342a12f9f4fca5083db76054e92a8e8944c4f

SHA512
992aeb8a5e4d555da235382d404ab9b6989429870f222d0d0b09ac7de3c9cceccfeb58597311a26bad4a7d082505541a66f09bb31004715ea4b7f10669eb2f6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
6KB

MD5
7f155aa4c16d1a8d1e06efb1da1f8c4e

SHA1
41dea19b72136312a36ed730b2e8e9f36ea61a90

SHA256
8adafe93fc0a0ad281456b5328413ef23152e4420d2f37b26f318069bdbe01df

SHA512
865416cb3119709a20e6386ede179fa2c3343d24c9cee24a262d78425524e5a29838c74cabac9e45c0cdd7488cbbd117b16c9e03c53745839ca7a63e46eec639

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
8KB

MD5
788b8598bf484c6ba5c69817d32a8b92

SHA1
c13a9fa42cad6a436949835c15926b6f7ec6ccfc

SHA256
12ca1c2c5a1229433214ae30f6ff61f5579c346e277e80db77553fd3edbe2d47

SHA512
74ca6b514dcf0a0b6768eca96e98d33219263f78bbaa3dd1164b7898f10d9fa4c025ea2388f173cff593dba20fee35c213c5902d1a90c89d409cad0c012f255e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
12KB

MD5
9a10e04371ae68cfb9d496a69a086226

SHA1
a99089d8dd551869df6f4ea7edcf4c6d51cac53e

SHA256
25a411063296abb0e260d4e4dd7c95e1af75927f3c17a858e0e14693658d9b9a

SHA512
c726c017384f6928c9aefd2427d62dfc58fbd887011c9f97f1634c8d7d11e3170e3a45f62fef94bf76f0ad4c1497374d3cf7d475b72be0b9e94099787eb94ea4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
77708d7ca0e053124e1496e561420238

SHA1
e5af078b109f0ed8ad06a866764751fb6511ae66

SHA256
8e1a57b3ab28071c3cd49a7049d4743e4b479f1edf9ee1bf6c1cde07def56b51

SHA512
c38476a43c952c80de74ab0c204e9e947427cb22140320b94268666d230ebd7ca821a713560550fbe6eb0a4a7e34f98971a00ff1e85ef4cf160c619b1ab50582

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
ed5ee066169c73f031acdfd0d91f03e2

SHA1
0f33654c43c3384fa90b7c40b394bfd5ae61668f

SHA256
21b7b3ec941bd83bf3036916f1f6e54eb543306ac7540d7cca406087dd5ff003

SHA512
b3114aaadca9f4d8b15f57bc77360b362b43956ebe6e659de6e7e9b49b6e7a1d99cc15d6ccccfdf93183e0f76ecded9f3e10d4fae457827c8d34cc70615ebb6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
1555739c803e236975406ba2fdd02679

SHA1
a734fdd7a81bb6120dfdd42af43f5f5f94127e0c

SHA256
0b55ae97bb39d83f03793aa72e54b8ba935525c05343c95e1de531175e07397d

SHA512
c3d055fbee0c980e2f49e194243c3c3b1020648f48efa92e8647d9e31190569c1032b5d1c11cadc93e2700c3a5c926e802ab30dbef7915ce0f7c34209580fb34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
60df4669a6107d41d29cafd99e19b286

SHA1
d360145c76a8b917630c4271aa0ec8f81ca53cd6

SHA256
ff271909596adb344d66b50a53d5009c39ea1eb58fd3ed5fd5a2d84f69f414ec

SHA512
442faf327f6973b975c0d521499ef0c9e96485fa34b894af3ba2cd976c36bf4418202363f81f4f3a108d1621dfbac0c1a15efeee53612c4cfb1024eee28fe0db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\721db036-fb5c-4326-8569-0408cc188c4b

Filesize
671B

MD5
44858cc8b3286e5b1d31012f79b569c9

SHA1
240bc5766fd196ecc75e6763a27a6e3fe7479d24

SHA256
1f8dfd6ecbb474867d5d78a5aaf7dca381661d5fe0ce19807d559362b75d9129

SHA512
387709e2f55b41ce53fd20c4b131aa31471be9b6d0f151bffb90e937706a626ec661cece627479f662924add9e47f7482f0e9f7194f7e80242f5e9a6f3e3519e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\79146e09-88a0-4e55-83a7-8fa5e58aed8f

Filesize
982B

MD5
56dad2b5f0a35018350fe56e28da4f1a

SHA1
296742f86d8c73d1bc1456ebb83001c2d9e8cc22

SHA256
aed47eb9e4eb4af70e3c18d0305b71a773bb11c3b3daf63d17d474e8fa0755a3

SHA512
7c456f8c3c7ed30ddce65128c128bcca18a762a95ab4391fb876427d4e6560b94dbc953c747bae3b5a7c0f1bd3582ce0f44858650a3c969e25bbb57d719bdaa3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\f1a13ebc-b1fc-4107-acec-387fc4b7a906

Filesize
26KB

MD5
818f148abc5c5a26d58bcdfb0093c13b

SHA1
a21cf4116e98d2310a79cba94bd20c0be483e520

SHA256
7fc720557f4b0d93a629cb96d4f15fbbe9f6f5563fa51a405c6a4973c17f5690

SHA512
fbd714af75504fd212fa470ef6088e72c0830b07c04ea64526da7fd44d9d87d5d87d1c0a994db60b513d9799f719093a2699587db7881a8d3e8811a04c226124

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

Filesize
12KB

MD5
709d9ff30024768e61b835d6e2fefb95

SHA1
10876dffce1196590c72e50f4f03e0c492d3482a

SHA256
db8b4886ef5996f20033630c54bbcdbe8e33ec47620a511c64dda51ed385fe9d

SHA512
2a48a04608fe52f0b4b5481539f51b013795511808da2924ecc0f12d7ac54310fecbcb1ddf6b71ae896c8fff4e0c5de3c18f5ea74f169722d312d483aaff3584

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

Filesize
15KB

MD5
32ded615d099f5a5cd6cd81af5545ed2

SHA1
d77c7e809fd0d70cb70a609a3b0b7111e9d948af

SHA256
ec40a7ec8facae7b725946e7994df038508172fde5dba46cc75de347508af307

SHA512
2524e1e9d9d90b48f6a58eff0e948f11058604b9e6a525b548aedf387870a50fe9b0041f2eda9fb05021d56913b266984625438504b8ff5d28dbce57631b1f6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs.js

Filesize
10KB

MD5
8a7550d7b171528f05a7de40d24cc042

SHA1
1661446e882347956c3298b75f50be8ee8bcd6df

SHA256
704182302273946a157b70224aec38be01e28d7d88eafe85be9aee1e260da978

SHA512
f1ac40320cd625ed3769f6c8e577506926872be93064f8d0adc6dc326e0d914f661cc318431c37cf3bd611fe6d7e264b1b635c24c4a44f7752053fb49548e44a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs.js

Filesize
10KB

MD5
9c2c0db23be50c0b25a43a3509676b6a

SHA1
0c891747bfa2cc4b3d5d2526df125e10d83a1029

SHA256
2eccb5a7ce9671814ce9eb944d9f93eacf3418d3bc524d23497d3903f4edef70

SHA512
d4f7f7a02145d3e79b0bb115c0a467519368188f783cc5f8b9839327af4161191a0304d31574ad652eecb3905919f8328fb7830e29da617365639b6bdb0750dd

Download Submit