401c7a655f52432944a43685f44a139fc65519e42dba6be1eb3e677e801a36ea

Analysis

max time kernel
132s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

901KB
MD5

49c8e83f1fcbf472e3a901724f8a7c0c
SHA1

89405a180961b6121e8a1930c86c0e5008127d49
SHA256

401c7a655f52432944a43685f44a139fc65519e42dba6be1eb3e677e801a36ea
SHA512

9a0650259b00bd2a8416604fdda766997bd44a30e3240f16cd0a5eb47eb9e7d77ce11e007e8c44cefc5eabe973f0e4325926fde0bb0d1b49502087557f4f1fcd
SSDEEP

12288:BqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaTTi:BqDEvCTbMWu7rQYlBQcBiT6rprG8ani

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2092	taskkill.exe
2232	taskkill.exe
2620	taskkill.exe
2536	taskkill.exe
1704	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
780	file.exe
780	file.exe
780	file.exe
780	file.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2232	taskkill.exe
Token: SeDebugPrivilege	2620	taskkill.exe
Token: SeDebugPrivilege	2536	taskkill.exe
Token: SeDebugPrivilege	1704	taskkill.exe
Token: SeDebugPrivilege	2092	taskkill.exe
Token: SeDebugPrivilege	5000	firefox.exe
Token: SeDebugPrivilege	5000	firefox.exe
Token: SeDebugPrivilege	5000	firefox.exe
Token: SeDebugPrivilege	5000	firefox.exe
Token: SeDebugPrivilege	5000	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
780	file.exe
780	file.exe
780	file.exe
780	file.exe
780	file.exe
780	file.exe
780	file.exe
780	file.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
780	file.exe
780	file.exe
780	file.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
780	file.exe
780	file.exe
780	file.exe
780	file.exe
780	file.exe
780	file.exe
780	file.exe
780	file.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
5000	firefox.exe
780	file.exe
780	file.exe
780	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5000	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 2232	780	file.exe	82
PID 780 wrote to memory of 2232	780	file.exe	82
PID 780 wrote to memory of 2232	780	file.exe	82
PID 780 wrote to memory of 2620	780	file.exe	85
PID 780 wrote to memory of 2620	780	file.exe	85
PID 780 wrote to memory of 2620	780	file.exe	85
PID 780 wrote to memory of 2536	780	file.exe	87
PID 780 wrote to memory of 2536	780	file.exe	87
PID 780 wrote to memory of 2536	780	file.exe	87
PID 780 wrote to memory of 1704	780	file.exe	89
PID 780 wrote to memory of 1704	780	file.exe	89
PID 780 wrote to memory of 1704	780	file.exe	89
PID 780 wrote to memory of 2092	780	file.exe	91
PID 780 wrote to memory of 2092	780	file.exe	91
PID 780 wrote to memory of 2092	780	file.exe	91
PID 780 wrote to memory of 2660	780	file.exe	93
PID 780 wrote to memory of 2660	780	file.exe	93
PID 2660 wrote to memory of 5000	2660	firefox.exe	94
PID 2660 wrote to memory of 5000	2660	firefox.exe	94
PID 2660 wrote to memory of 5000	2660	firefox.exe	94
PID 2660 wrote to memory of 5000	2660	firefox.exe	94
PID 2660 wrote to memory of 5000	2660	firefox.exe	94
PID 2660 wrote to memory of 5000	2660	firefox.exe	94
PID 2660 wrote to memory of 5000	2660	firefox.exe	94
PID 2660 wrote to memory of 5000	2660	firefox.exe	94
PID 2660 wrote to memory of 5000	2660	firefox.exe	94
PID 2660 wrote to memory of 5000	2660	firefox.exe	94
PID 2660 wrote to memory of 5000	2660	firefox.exe	94
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97
PID 5000 wrote to memory of 4104	5000	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:780
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2232
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2620
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2536
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1704
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2092
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5000
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42d329e6-8daa-4a2d-9f30-c5e44817d92c} 5000 "\\.\pipe\gecko-crash-server-pipe.5000" gpu
      4⤵
      PID:4104
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b178260f-1b64-4d27-98f1-26f3b68c9a25} 5000 "\\.\pipe\gecko-crash-server-pipe.5000" socket
      4⤵
      PID:868
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2968 -childID 1 -isForBrowser -prefsHandle 2828 -prefMapHandle 3252 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb03de41-847e-4669-8c62-1f0a0376343f} 5000 "\\.\pipe\gecko-crash-server-pipe.5000" tab
      4⤵
      PID:3868
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3164 -childID 2 -isForBrowser -prefsHandle 3704 -prefMapHandle 3700 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d2c14ac-86e9-4200-9d32-e069283d26e7} 5000 "\\.\pipe\gecko-crash-server-pipe.5000" tab
      4⤵
      PID:2876
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4792 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4800 -prefMapHandle 4796 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16bca45e-6e12-4b72-8264-7b7c502727ec} 5000 "\\.\pipe\gecko-crash-server-pipe.5000" utility
      4⤵
      Checks processor information in registry
      PID:3564
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5324 -childID 3 -isForBrowser -prefsHandle 5456 -prefMapHandle 5400 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d6a41b8-73a0-47d0-9b61-f3c74d4b8689} 5000 "\\.\pipe\gecko-crash-server-pipe.5000" tab
      4⤵
      PID:2104
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5540 -childID 4 -isForBrowser -prefsHandle 5548 -prefMapHandle 5552 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f7084f6-ef37-4fb0-883f-a109af61f72a} 5000 "\\.\pipe\gecko-crash-server-pipe.5000" tab
      4⤵
      PID:3016
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 5 -isForBrowser -prefsHandle 5748 -prefMapHandle 5756 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0da642a3-0256-46a5-a271-283bdb5ca0ee} 5000 "\\.\pipe\gecko-crash-server-pipe.5000" tab
      4⤵
      PID:1944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
83f6298be7af0d48fa5f5422820b6f68

SHA1
655baf710d1b12bf53ef048a63dc8734c3159f69

SHA256
cf77b4d90f7160e8d0ab4768b47696d0ebc2d6a724f731e49d96820a93f47fc1

SHA512
9f255359a19d8f50552b55acc413a29bedffbfad85dceffec908e846e713771408fead86f8aa170297c922263e65052a26970b56675f84ef47472e664812782d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
36124e22a54300f0577c8eb727b1fd3d

SHA1
d6a47dfc137dcaccf9c610494bf2d1659b0f302e

SHA256
472bdae951f934500d81452293dbd0caa88b1163923fe2d42580c6fe8b3dc78b

SHA512
7c10815b2ec8be4f0153583856a4e3a2b4306d1627ca4db84e552230c34c31220346e86aff63a97eaca78aa44156038a8b4e8adbcf7ea728eab2a85dc009248a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin

Filesize
6KB

MD5
7d4129e0f2a0e3623e94eef7f1c11773

SHA1
d34a57a1a91630c67cc0a19dd4103d9e39731a10

SHA256
b53a07c8f80b621d3ee9a6526a8dd23cf8afb9cbd94002f797d800fe1b8002c8

SHA512
712e9cdea962ea121589b5a59004703e87323aab9aa91359245e5f0b932b43d989010546c2bd418fd0e055385901035b22a69d67f623d4367fd93e410c7a48cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin

Filesize
8KB

MD5
c3a2afe61294c2bc35ea2071e6ff9378

SHA1
e46e48fce1ac869b123f44f4a4d57b0f3b35be62

SHA256
bea306ab25148f868a1b8775e4c7c3ac1a390cea788d8ea05c9fe7dc66cdb6fa

SHA512
cd376be8e234f5ffab240e979118799be1272df569a45b0f4c4c7a9adc0f85bc524c342fad882e884adf53011c7ec640802c73464218a40da8e9f88f8b9b0c10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin

Filesize
18KB

MD5
69a5b883709e39e9dabdf135105f9de2

SHA1
855525a7401eaf8f0b79bcd3154f9589b12a1117

SHA256
aa19af4dbee094ee9cd57cb0915df74a638002913ed2293b27c02cccd4143e37

SHA512
b5335f4e64e2982ddf87d16cb831e66a0045965ed95b4a473e408e355654361f774271447cf6abc8d8e553633ca1e029c9a1d248f4011f62887cf635db02430f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
46914f05673f8f6ae03bd136d8337c59

SHA1
ea2e30115fe13fe0b028bd3803d32f09985d5bf0

SHA256
30191d2fa3a1e1d273778d63c17b50d54d9dd5b74cd7042914b17009d7b25914

SHA512
9f655dea6fb4bf538ac32e10f1c4c0d3c2eecc1e2be31051ad32276630e066a2c13da99ff90fff6859752c7a020781aa4c358f84f55d574433f96075b8061013

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
590be676cf4c5c056c9f1b63375721b8

SHA1
dd5686ed84b529af7a206db8101c04334b178ccd

SHA256
ee8a6d269fbdfbed2b5d8623cf741fc0d694c6cfb4fba03d562cce6f2a44f0b6

SHA512
06f1e64dff87f74e8b434b3b386a02c6b6c9ec73199129dad60fc5b36da42dcc989d68cae5c7ada52edb04eeff4094368847c92f1e48d8e8b26f752e3d82f07e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
fe1dad0067fc553f6c9100862ccb80e7

SHA1
b40e493d9a1e24b6e9ec0eb774e1d50b83be4b8e

SHA256
aed37cc57c126292e7847db02cbc951eecd59b8f4b3659f8504e9d41e7eab272

SHA512
cdf06dfc940867d8d68241f1e127d6785e31fd74f18482976b4edaf022aaa3f921b93b28a796513088b37caa13b2f3c1e4376366af8e9a6b0a01a25f5e887772

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
91cec68c13749a765ccd47abae69f826

SHA1
e7aa0fa190749023834c35001056cf7aac58010b

SHA256
e27e2d44729ad48579784dd465256a813eb814d9e5b2fd4564298624f59df931

SHA512
acc2a969a253a459b239c8b5e4f9fd8b924a7ee755fc40b0afdff923458eaca018760077afcf25aaf497a22b8896c462a466df0b1af0965336dd489a6890f1ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\31f996ba-45e2-4657-8cb8-f87812d4375e

Filesize
671B

MD5
3f8274cec55dba3d1222443b1ffb2ab0

SHA1
6ab0d8939f3e408035b42463c74737a090fcf1eb

SHA256
8abc9007a1c5496efd872673baf321984a5d0564584de4308dee1f434c02f8bf

SHA512
e25a1a1144d7a262ba48cdd033897e54d044f67e14afb5b7974373a2b8b1ad7fc34f8594c5f7e85a7ca68978b7002629e5eeec3317d6ba004218a59131c1dd8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\3c9ee9b2-7dee-4dd3-9bec-9f25b323981e

Filesize
982B

MD5
99bacfc9e632a78ba86d408848311855

SHA1
0e1d0adf1d4ac806c60ef2cb74671afc80cdeb92

SHA256
6295dd810b71b5a7a8d58b7e5315aaded8a0e9117f1434e6abfeb85302334429

SHA512
71eecccbddcf868d956ee149f3d56a68fa4c03d100da1ded8997acab727c0f36397ebd9eb7cf1afdda7af5e8323273991ea3a3d572d082aaa8ffc0e9c5e12319

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\f8151b87-bc7d-4412-9d40-8a978a0f4e22

Filesize
24KB

MD5
bb03eb7f92315418b90c98c125f34b85

SHA1
d44140dddb1e0db4468db444e576183b0f14757b

SHA256
8d2f9e52146a3c554f8e95d8321845c3fb0214e9b4f98fc9a0eac7bd8fe743e1

SHA512
0dc16011adefede039b5257ddc074ac28d6ce9c7e6d7096545270fce81010ecfb352ab41a1a255e6a84a1500f78ac9e78d3f2242fa8b269b899b8d3d9f0f739f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js

Filesize
12KB

MD5
61899b97782a8e06a84bef30404eff79

SHA1
4d116b889f4f6faed6a1aa111288b516d5efd1e9

SHA256
7bbbf4b50f156fed9a3417d3d5860a1c04b03d9987a1af327c9907ee0565b255

SHA512
bf4cd435bc039ee387efc9f6d6f37e9d2ad28faaaf04c8672753141629fdd36e168d6adc99085dc5a6e7b84ecb65cc645cf98cce5ed3e0f8747cf2e99ba19297

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js

Filesize
10KB

MD5
0d56edfbf9c3c2b011cd0785c5aa875b

SHA1
ffba5412149e4c450a1c9dd820153c5c5fd7daa5

SHA256
9e700ca098f2386cb247a7f63da484c0cab2103f6754f37ed7e093147614cc7b

SHA512
dfdc967b38ac6568c76a74d5540186ec2870f334888977e1e4d4be51874377d62a6ec4a9447db9c129d05193e34c60ca41017e1553d3b97f9b75c588aa03bf9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js

Filesize
10KB

MD5
3661b7340f4bc86a4de450218a09feee

SHA1
870a74cc33a7822f2ae24d5a5a449a14b18a770a

SHA256
d5522467d83ab8af12e5d6488959eb31912fedf906ef9cd4977d16775674f2ff

SHA512
07ef03a72698ddff312418a2ec9bef959d73b3dd21660a80d3e6e6553a058a0d4ed9bbb0c78410259ac1c617b2c1cd9a81d22454fcbb9a4dec6373dfca5a3b21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js

Filesize
15KB

MD5
18b5f9aca4c1ebeff4af4e4f96b5e392

SHA1
7c291755a8c097d0418e594a68dc16fdb0339cee

SHA256
3bd3b24fb3b6d3cb831c2ba899860ba9a5b578f7104035b3ca20ae967d3a3852

SHA512
64116b0d9108cee286750ff350aa83911ae05be2adf2e77ea47e8220d53b59b34a4746c9abc125e1f6e11217a7900f98cbfc47c46f6bc2a8c05430a9ae2d945c

Download Submit