fbb1c5811042bfe6fbc3329c17e2bbb75279d315777768ef6b835a85e9331ef2

Analysis

max time kernel
30s
max time network
31s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
18-02-2025 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

quarantine/random_2.exe
Size

947KB
MD5

c87f37b640fa7e3e01b731b882bc2c89
SHA1

9308495700f0480079b7f98e3b4a5fe5bb7d49b6
SHA256

d799b9a2a2ff0d1cf4c76840719ce79a4719d22a590571b097779bee4c9dc3d0
SHA512

589b59d9271974f4375cb96a423fc32066e708a7ffc634f3bdf3ab07a2d59c99991afe2bf5055fafead91d2debab2017ebc58ff66f7040cbb3f73a70a9f4e7e5
SSDEEP

24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8aXX4kE:1TvC/MTQYxsWR7aXIk

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	random_2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language	random_2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language\InstallLanguage	random_2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Kills process with taskkill 5 IoCs

defense_evasion

pid	Process
3208	taskkill.exe
956	taskkill.exe
2384	taskkill.exe
4964	taskkill.exe
4508	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	956	taskkill.exe
Token: SeDebugPrivilege	2384	taskkill.exe
Token: SeDebugPrivilege	4964	taskkill.exe
Token: SeDebugPrivilege	4508	taskkill.exe
Token: SeDebugPrivilege	3208	taskkill.exe
Token: SeDebugPrivilege	1836	firefox.exe
Token: SeDebugPrivilege	1836	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1076	random_2.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1076	random_2.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1836	firefox.exe
1076	random_2.exe
1076	random_2.exe
1076	random_2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1836	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 956	1076	random_2.exe	85
PID 1076 wrote to memory of 956	1076	random_2.exe	85
PID 1076 wrote to memory of 956	1076	random_2.exe	85
PID 1076 wrote to memory of 2384	1076	random_2.exe	88
PID 1076 wrote to memory of 2384	1076	random_2.exe	88
PID 1076 wrote to memory of 2384	1076	random_2.exe	88
PID 1076 wrote to memory of 4964	1076	random_2.exe	90
PID 1076 wrote to memory of 4964	1076	random_2.exe	90
PID 1076 wrote to memory of 4964	1076	random_2.exe	90
PID 1076 wrote to memory of 4508	1076	random_2.exe	92
PID 1076 wrote to memory of 4508	1076	random_2.exe	92
PID 1076 wrote to memory of 4508	1076	random_2.exe	92
PID 1076 wrote to memory of 3208	1076	random_2.exe	94
PID 1076 wrote to memory of 3208	1076	random_2.exe	94
PID 1076 wrote to memory of 3208	1076	random_2.exe	94
PID 1076 wrote to memory of 1908	1076	random_2.exe	96
PID 1076 wrote to memory of 1908	1076	random_2.exe	96
PID 1908 wrote to memory of 1836	1908	firefox.exe	97
PID 1908 wrote to memory of 1836	1908	firefox.exe	97
PID 1908 wrote to memory of 1836	1908	firefox.exe	97
PID 1908 wrote to memory of 1836	1908	firefox.exe	97
PID 1908 wrote to memory of 1836	1908	firefox.exe	97
PID 1908 wrote to memory of 1836	1908	firefox.exe	97
PID 1908 wrote to memory of 1836	1908	firefox.exe	97
PID 1908 wrote to memory of 1836	1908	firefox.exe	97
PID 1908 wrote to memory of 1836	1908	firefox.exe	97
PID 1908 wrote to memory of 1836	1908	firefox.exe	97
PID 1908 wrote to memory of 1836	1908	firefox.exe	97
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98
PID 1836 wrote to memory of 3640	1836	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\quarantine\random_2.exe
"C:\Users\Admin\AppData\Local\Temp\quarantine\random_2.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:956
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2384
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4964
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4508
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3208
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1836
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2040 -parentBuildID 20240401114208 -prefsHandle 1968 -prefMapHandle 1960 -prefsLen 27412 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee6af19b-7b6c-4a6a-8398-4c2d6537a984} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" gpu
      4⤵
      PID:3640
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 28332 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5569b00-68ea-4fbd-b3bc-49117a3bc4e5} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" socket
      4⤵
      PID:2460
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3044 -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 2996 -prefsLen 22684 -prefMapSize 244628 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {934d64dd-1c52-4835-9544-c1a5dc161411} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" tab
      4⤵
      PID:624
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3400 -childID 2 -isForBrowser -prefsHandle 4004 -prefMapHandle 1016 -prefsLen 32822 -prefMapSize 244628 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb67956b-e9b5-4e57-92cd-2408ed25fd19} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" tab
      4⤵
      PID:4300
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4872 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4864 -prefMapHandle 4856 -prefsLen 32822 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2956fd1d-ad87-4e51-935a-dbe52ce65243} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" utility
      4⤵
      Checks processor information in registry
      PID:4172
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 3 -isForBrowser -prefsHandle 5520 -prefMapHandle 5516 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6f03ff2-1996-403d-82de-8f3ec2877ed3} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" tab
      4⤵
      PID:4580
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 4 -isForBrowser -prefsHandle 5664 -prefMapHandle 5668 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecd1c32c-46bc-44ad-b72f-04baf89a7caa} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" tab
      4⤵
      PID:1864
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5840 -childID 5 -isForBrowser -prefsHandle 5848 -prefMapHandle 5852 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40427b85-85f7-45ae-a118-b998444af86b} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" tab
      4⤵
      PID:3336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7z8hwau.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
8e273161056a1672eb4f2d16d0f49d39

SHA1
26106ecb5051384a674bf55c1b5ba2d5087e880a

SHA256
4af38657c580d0c40bb6228f5537bdad25dae3029074b3b514a465a778442ab7

SHA512
185992a4c73aeeea7eeed129e0427b89219901f4222f52301f3070c779dbfaa3bab54497882860e979b6835e24c0fecf0df8f434e57beff181d8ebace09f9d02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7z8hwau.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
d9255d409e85c9da1225b628903e963b

SHA1
5ca9baa5ad053132f13d66760914bbed83d7bc92

SHA256
f2e5efcadcb9c58fca478323c38d9e6388326cb5e61a927c2d3d8ec365b3c29a

SHA512
480d285ca2e18848dd5dd6f867978c4befa3b2eb11c8ce3ead06cbf2951f88ac49a9cf2c13066721e110357448488a3c424d153309fe719c7f00c0923c108bb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\AlternateServices.bin

Filesize
8KB

MD5
d02c5a9aa6944df1a5f957e7027d7423

SHA1
59426fbfcdfb9eddc3f7d8a6cc6f4c4af9396a3c

SHA256
792cf9c4acbf9286131aef01ac344fcde9a86218fbf40f4dc5d84aeef93b4fee

SHA512
4e6a85d0ef9ba61fd118b5b8c4370d3ad2c1034f1db9b22983cc9fd0d9177e971d04850e44d8c17a76a356ef3191881a0562f67a3f65da00efb05a84ddf3e4ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\AlternateServices.bin

Filesize
13KB

MD5
263e6f6c016d4f700d2e328ae2fd2148

SHA1
e156f886314dff8ddd050d46eefd0a9203bb1d20

SHA256
32d25db1d86970840906ffcf96414e7b3bf97aa8dea7386eb17d37862dd2a242

SHA512
8cb0a83f382d180c98d86d13cfad705dbce4e809ac417bc43e2b7247138a9d9a203d809d0203555742f629dc4a74e7fac5f597807e652b421f0c483df7fcb171

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
45f2aa76840db1b09ca3b701108c63cd

SHA1
e908330d06983aaa9b69b2f287eb60a9e3f732bf

SHA256
40ce9493c518ffdb6aa70a38a72f380b639e33e0b24d8ed345e93dff40c8364e

SHA512
09ab2bd9c14d059ed968e3844bdeca05ff5e67a4458c53ae00f7e057c6e8a7e8e0e4759df7c0e436b028fd11993c7b8efaa2b6009cc4124c9a3d3582e5f10fc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
7837625a816094183686dcbddfd29371

SHA1
5a9669bea26d8ffdb27f16df845569db59d0c1bc

SHA256
82b063792d8a7da5c5ba35848a053224a7c8a6d48c0472463000e289e6704d42

SHA512
42bb728cf69a82260b4fd956513798caf4a66d3161c46178157eafef6a81be3e77cfa210b85130d5ceaa64ff95c024448ea3512dc4ae9904742abd6350d45945

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8aa0df9e50144ca4705cb664acccae8f

SHA1
4adcacf441fd057ed430af7d5cb51cdb731f4e49

SHA256
bf3a0cd1bab70a57a8578821a51d786d9a94c2679e774c8a3b53ef7db3594339

SHA512
6e0a5cf1bdfd382c7d369ddb8c5f0dcc3db2c959f8f2f87fd818343c71b551d2a83a75964b4c48fd1da0b9559b4e0681aa99e2aee9ba1229715897e389ec0a4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\datareporting\glean\pending_pings\3616cbe2-1744-46b0-abda-afb77b4e91a7

Filesize
29KB

MD5
4349753528a7be977ad6ccbecc471ca5

SHA1
de751184337ed6100469be962049a708dbab8fe7

SHA256
b24a250f4ec3f42ba62725cf36079782cb4659a2ae3485c3ed9017c4844a5cba

SHA512
bd05eddb78a3f73b6c888172e13fe9e9f3236f6ca54e5fcc683195adba7667db4c1c297dad72204347caf676644f6a6346a3b9a70b5a5f2834b62cd8cb48daaa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\datareporting\glean\pending_pings\f84dae11-5063-4706-b62b-08cdcc0f62af

Filesize
905B

MD5
65c0791c8d19c27d5b507527c7e33d01

SHA1
625f2802ad29d8a226e3f8d4a68528695d0535b2

SHA256
5413841dce6cef1ca7696b4bf9fddec5929cee7b590e23451ec574739c320699

SHA512
d993cbe54b1da3947c3b1b0347ff66ac7f3c826c6465d5160cbe035d28eb32513cadda148091dd7dcea7c811a68a62fa6229bd2b71a59ddcaf2f9acaa00e7136

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\datareporting\glean\pending_pings\f9567f3f-2f05-40a3-b9c6-ca0607057704

Filesize
671B

MD5
3356b17b52b22c3c7b1ecd4b027d0074

SHA1
f2d3b28849ea0330ce5c99489c0f869a728b3b07

SHA256
ee589504316725b6422d0fc8ba8cc1df8a47d9d87c0aaa44058839eb915d09b7

SHA512
4093fb553763fe4058a916733d136b70f11f46c206d58d0fd8142fc3c6ac5e0c65964381acb8737c42af0a04c6a5f5fc6cbddec3b8a2af157305c42c3fc2ae79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\prefs-1.js

Filesize
10KB

MD5
011fd4549704b8378bbcff0efea4e8df

SHA1
fa6d626c0629cbd51936a9ba8f1a4656c6630523

SHA256
30ba6d55601a494d35b59f7e6ef126e0065dfef4ce9df29f364d846515fda676

SHA512
7c5523ff7d176df315228f25a044d208fec37dbda9782a9d0993cd27e10892771375371386111c38a63025e7fadd6d16e1425d8c4403f996584f28cc894f6f0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7z8hwau.default-release\prefs-1.js

Filesize
9KB

MD5
272ce2e54ca5fdb464ac620989e1ae3a

SHA1
88569a29a8e8af4fc83cc0a6cdb14180e14fe8c6

SHA256
e0b20481cae2bb41377edf19fab4f10e5f927611b79810dede344381cb640aba

SHA512
f8724d87c6d3e4f89a7b9f479fb87bce499e75f8f67f3a27bbd8d0f0910e785ebcf831ad55e634e51ffe27458df2cab6741b8a8fafa4fd4003d2cbc5d5e2921b

Download Submit