c50a53d932b931006ce2e66608b0371fa51e4e45f66417411f7f25d735e3fd2d

Analysis

max time kernel
127s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2024 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

901KB
MD5

dced0ad37e18a695550ecf864d9ea8a9
SHA1

79dcb5eca1492b8df699e7dd9f7c37a1cf0b1976
SHA256

c50a53d932b931006ce2e66608b0371fa51e4e45f66417411f7f25d735e3fd2d
SHA512

ceb6416d8aaa3cfdf3b0d71a41f3b1319bcb37c66f6b8ed42d1d8767d79de3365e975f4ceab8b7e7d4a56e3f3837fdac006a308059fd586c59787c35ba45c35f
SSDEEP

12288:IqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga+TR:IqDEvCTbMWu7rQYlBQcBiT6rprG8amR

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
4512	taskkill.exe
3928	taskkill.exe
5012	taskkill.exe
2712	taskkill.exe
4432	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4660	file.exe
4660	file.exe
4660	file.exe
4660	file.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	4512	taskkill.exe
Token: SeDebugPrivilege	3928	taskkill.exe
Token: SeDebugPrivilege	5012	taskkill.exe
Token: SeDebugPrivilege	2712	taskkill.exe
Token: SeDebugPrivilege	4432	taskkill.exe
Token: SeDebugPrivilege	1936	firefox.exe
Token: SeDebugPrivilege	1936	firefox.exe
Token: SeDebugPrivilege	1936	firefox.exe
Token: SeDebugPrivilege	1936	firefox.exe
Token: SeDebugPrivilege	1936	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4660	file.exe
4660	file.exe
4660	file.exe
4660	file.exe
4660	file.exe
4660	file.exe
4660	file.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
4660	file.exe
4660	file.exe
4660	file.exe
4660	file.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
4660	file.exe
4660	file.exe
4660	file.exe
4660	file.exe
4660	file.exe
4660	file.exe
4660	file.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
4660	file.exe
4660	file.exe
4660	file.exe
4660	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1936	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 4512	4660	file.exe	82
PID 4660 wrote to memory of 4512	4660	file.exe	82
PID 4660 wrote to memory of 4512	4660	file.exe	82
PID 4660 wrote to memory of 3928	4660	file.exe	85
PID 4660 wrote to memory of 3928	4660	file.exe	85
PID 4660 wrote to memory of 3928	4660	file.exe	85
PID 4660 wrote to memory of 5012	4660	file.exe	87
PID 4660 wrote to memory of 5012	4660	file.exe	87
PID 4660 wrote to memory of 5012	4660	file.exe	87
PID 4660 wrote to memory of 2712	4660	file.exe	89
PID 4660 wrote to memory of 2712	4660	file.exe	89
PID 4660 wrote to memory of 2712	4660	file.exe	89
PID 4660 wrote to memory of 4432	4660	file.exe	91
PID 4660 wrote to memory of 4432	4660	file.exe	91
PID 4660 wrote to memory of 4432	4660	file.exe	91
PID 4660 wrote to memory of 220	4660	file.exe	93
PID 4660 wrote to memory of 220	4660	file.exe	93
PID 220 wrote to memory of 1936	220	firefox.exe	94
PID 220 wrote to memory of 1936	220	firefox.exe	94
PID 220 wrote to memory of 1936	220	firefox.exe	94
PID 220 wrote to memory of 1936	220	firefox.exe	94
PID 220 wrote to memory of 1936	220	firefox.exe	94
PID 220 wrote to memory of 1936	220	firefox.exe	94
PID 220 wrote to memory of 1936	220	firefox.exe	94
PID 220 wrote to memory of 1936	220	firefox.exe	94
PID 220 wrote to memory of 1936	220	firefox.exe	94
PID 220 wrote to memory of 1936	220	firefox.exe	94
PID 220 wrote to memory of 1936	220	firefox.exe	94
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95
PID 1936 wrote to memory of 1476	1936	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4512
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3928
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5012
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2712
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4432
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1936
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aedbbd23-4201-4aab-9606-ff593440814b} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" gpu
      4⤵
      PID:1476
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afae137d-e095-43de-82ef-8e86411d9192} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" socket
      4⤵
      PID:2468
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3116 -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2912 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {508fee2a-eef6-4b50-9f7f-fbe364ded0f4} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" tab
      4⤵
      PID:4392
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2560 -childID 2 -isForBrowser -prefsHandle 3940 -prefMapHandle 3936 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {483025c8-a64a-4727-9256-cd7da8480414} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" tab
      4⤵
      PID:1504
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4604 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4736 -prefMapHandle 4760 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5f7fe93-f0d7-4f8e-9d73-e20555d7e940} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" utility
      4⤵
      Checks processor information in registry
      PID:1844
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 3 -isForBrowser -prefsHandle 5348 -prefMapHandle 5456 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {716b9e13-a8f1-4692-80e1-b55d76bebf9f} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" tab
      4⤵
      PID:2636
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 4 -isForBrowser -prefsHandle 5636 -prefMapHandle 5644 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8954172c-696d-4174-b1c9-4e655021b024} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" tab
      4⤵
      PID:4148
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5876 -childID 5 -isForBrowser -prefsHandle 5796 -prefMapHandle 5800 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c51835a-3e10-421d-829f-ffce4fa1e86a} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" tab
      4⤵
      PID:4132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
24a3f94b53f9133c4cedbc789054948a

SHA1
c80ba1719906f016d8e95098519f170b04f6658d

SHA256
ec6daee5718c8a008bd67f4ed15a81686a047f928cf5f9590306836e07e3da21

SHA512
9c95bd7db0d2a9b4f9f4c1132bb4116fcee835c0ace0032cc0d69379529705029a8c061cf3149ef93a3d896b2d94b71947fad219fdb15aa38ffff5669653c037

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
5daa542cd4e6e6173daaa0cbdb566f6b

SHA1
f39fc7d5d0720225bfc7958da10476ff64e1f88b

SHA256
35799e2910da74a9d46197014c7f5f220159746f8d3b09b61070e05fd41230f4

SHA512
6e6b50a19df74ec9ad1830855cd593e573678d8dfd8277179c8e0b433e31441e79e1aaec75c4d4d0608cf876bba8a6958ddd95b64bd07ab7d475fb548daaf81a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984

Filesize
13KB

MD5
f295b9c87aed8f4a4bbb35cecfa5ac36

SHA1
f10821e0aaa215c01bc230a69af7b5bee28a99b3

SHA256
46ffc4e18aa8ed03e2e19be4e2c1f5d53356c7233cf839832096a11562543322

SHA512
136469e664b831bee97e64210b3ef16ccc02885147bdd6d2c6cc0ba5fcb0302704c9486c3b4a0b1dd7ed7916fe2b7e859c0788907df965f4068b03c34151880f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
8KB

MD5
71cc036636bcea377dc3501a849772c7

SHA1
f05d578936a7cd1f2f12bbd2bfc54e7ff0fc85bd

SHA256
de33a8acb7a1e1eb20300df8d94d9dcc87a04447e4391c205cbf48dc15568475

SHA512
c23b53d8f5ad783f1253f1539f58caa328259063dc1226091eb1a3cdaa54040d340590fb9acacf38784bb0c80fafe23fa3f6bde85d7a3872f705357db53c7189

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
3079eb01168a172c68ebed51723c2da6

SHA1
8aada30de95de8d1ac33eeb39a4f986dde3498fc

SHA256
acf302ccda748fa168c748e240f3d3fa17ac25c783f49e05938551a122dc7bf2

SHA512
c5da04745c1d3c4481f761b3f5ef19ebb6be4f0c3a86d431e0a8cdb6103584c4106d0a860870c6db8067ded50129b3738d5214c2c28c3515686b64de30a08a4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b10eb6699a29145f1db0054d4a9112fc

SHA1
7dec363f5e541b999cc4334069db992fae9cd34b

SHA256
50cc6a18ad76cce08bb054aa919b0a7ac8ae1578ac2c7a91d82d4a5d62a1b757

SHA512
f9ea04edd3911e122d205c31b7453974366f089df9b0f36627f0bc942be77f8343ebb0340400ccfaa32a2accc82609ae251d7596a6cf001d89dbe357713ddd32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
7bd1eb981da78e14fbab6d8a088f93ee

SHA1
fe7c5851a85fdd4e375a186de5ab88ea8672c53d

SHA256
1b850321efe465c6f8fb43a18595a67243e875bfe378d758c3efa53990883c7a

SHA512
ae2de70be6132390341cd743d2e312e0679ba782a306b0e5d30e1eda741e3e2afb9547b4bbfbabf89d45bee9a178c905eee485cd859bf64e20ae27b6ecb047a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
ba7e4d585eeadd7474671f56e8349aea

SHA1
e77a91f2d9f65a76bd961a2708c6325378f0f238

SHA256
2ae57eef7cb2d1eee0c218bebef75ae0f1640ddfe316a90ffe7184065661cbfe

SHA512
1fa6cdc5ada9ad1fd12562df89169ead3991d289d8fea0e525ef9c56f3101aefe2dc7f49f72233346de5a69c3004da4fc2067f0527738d9ba2ca4352c676e26c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\0f395b48-54a6-40e1-aa3b-0507ea5327ef

Filesize
27KB

MD5
2c8ba164cc6a538491ea41874f2cd09e

SHA1
fc2dcf8cf7af5e60887a607b29ef880c1e489588

SHA256
4d174ee729d591a40824accf4b5908e7830994a0b6645f7a0619f8852e6cbec9

SHA512
f7407c92a22f9bef599eb20e1d1546c443280e5ae44919d7b41cde35a90ddeeeb993c76682357354163368cd379430a9d6819384a4087ac1f3054cd46eaf1783

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\691361e1-5723-4149-bba5-2109cb1e747a

Filesize
671B

MD5
47099f562ba6cbc945c24836fd7faf8a

SHA1
f80c57b360fa25316f4382c1325bf96ffc8d7c51

SHA256
b3fb86ac8394e6f13a70e9f19548eced07db274cd4d66187d14f7685d44645e5

SHA512
9c4efe3b972ffc9d687002963038457c170ff5f63d2773bd783405f6a0ce80c3cd3c8ba4ab9b4b6007fe021feb0f25f701f0b67f4d57596cf2ae6d80a4388827

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\908522e7-8d07-44b1-bdbc-a95d1a88e3ee

Filesize
982B

MD5
15b17682fbfb16aa92d7c23104dca306

SHA1
5dec11705539f3b2400a30263cd7f12a9a748e15

SHA256
a87abc731cf0219549fdb887793aa5edc9c19b4bfa81a9beb912534fcb0e6f07

SHA512
652b35c406da45eae1400df2fceb128dc7e3990037b845cb4f816c77231e4289dca6f65dc479ed977dcd436dbb7bd15280a29c2fb940bc63eba04f8e35f98ecc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

Filesize
12KB

MD5
21ae32b0fd2ab9b6d2d35e63a7fdcb06

SHA1
581c8ae28cc9b6cab8c723f9ed42217347b13281

SHA256
effd76f6d157110c8768d63e85f5c74cc492bb726a1b1a598682528b40cc3f9c

SHA512
ab4776ef76a7379ac3970c3850598842d21660f57b749b4d91e16f4c06144e026975acf77f1702a561b0ab6aaeb1a000ea70d057f93c513a0e2faa4f86aa7a7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

Filesize
15KB

MD5
b72752f171960b4a7e3edac76b33fc60

SHA1
fb46898a5344c834d1fd89b6500e792637ca1792

SHA256
719bc3c95f6472e6de4d9b61c28a68bb78fa9ef778b8d8e171df7c0669e11e26

SHA512
8c02649441dd9d9fb738da3b376a6a12fa8f5f7a5dc33dd25c060e851ac51d9ee347e34a9d202ad76778ee309de39ab6e2545b10a00805fe4e332b19bdc1a584

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js

Filesize
10KB

MD5
20b965f7c9552498cba68a5d2a3b2012

SHA1
9d610fa2ce5a37d877110fa44a3a99fb71b27392

SHA256
557ad72052bdda230720862b9bf8a7fb76c58f71def6114db2773af2ed7600d0

SHA512
f342677e8a474cc66d15ff4fa1919345c59e944dccf709d445ffdd94afd733c50bb31cd8fabdb74d0f8f76757c71ff11b62656ad2b881edf0aae4d7c052bfbad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js

Filesize
10KB

MD5
4af58734869c24e2e2824e5f82fd0014

SHA1
807d3028c96d288bd3f94c8313b0befbd0ec5286

SHA256
9a51ea3a1888755b43a3cc5c58556502f0ac312bc39e6c4830d8d5aa5237c755

SHA512
89f4feb289fa6be7334ebd7372b53394eca2b96cc8efa985fc001c179250480b91834b36a114c14a7c1d5cf1542ff7535c878a70640f2aff06b704755ce6ba0b

Download Submit