Analysis
-
max time kernel
381s -
max time network
379s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
02-07-2024 16:16
General
-
Target
download.jpg
-
Size
10KB
-
MD5
521f078abbeb8edbef8a197da243001d
-
SHA1
4d0b123160c4a9fe95567b78bfad6e1c8040fa5a
-
SHA256
fecbf15e41c3e54ffae04b2a6b39ec748a185f85b8c7a6407a329e6959e9317f
-
SHA512
2b063ef18a45187ab4d8c59ca029ce0b1900a5bb3dc25f7d9e982fbe3f0b85b2ae8b05ac1627705eac1ab34e4130c22078d456f8c14d9104ec23b9c8bc820d12
-
SSDEEP
192:oybUDmI7lgqVr4hhKIhc4DsLY57TSNDs1yZXpO92Bg3mk+hN:7bUDmIJEhtacsuGDayZXk92Bg2kW
Malware Config
Signatures
-
Drops file in Windows directory 11 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 9 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 11 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 7 IoCs
-
Modifies registry class 64 IoCs
-
Opens file in notepad (likely ransom note) 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: MapViewOfSection 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 38 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 49 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\download.jpg1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.0.2045178889\1581963649" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1744 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ce27eff-97b7-471f-8701-9eea23300fb4} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 1828 2a2956d4058 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.1.575706423\1098966597" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22240ade-5621-48d9-83a9-112e6e935171} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 2184 2a29560a258 socket3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.2.1361380426\849169112" -childID 1 -isForBrowser -prefsHandle 2768 -prefMapHandle 2744 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb3b6bba-674c-418c-be6c-45d2c6bd39f6} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 2672 2a29969d058 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.3.1941307956\1279121525" -childID 2 -isForBrowser -prefsHandle 3504 -prefMapHandle 3500 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {469ed792-d8e3-4547-ace9-58aa1cd1b82e} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 3516 2a283162558 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.4.1904261263\656281836" -childID 3 -isForBrowser -prefsHandle 4356 -prefMapHandle 4352 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94fc02cf-b01e-4faa-840b-2dbc5233df83} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 4368 2a29b4a5b58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.5.2001475916\264786842" -childID 4 -isForBrowser -prefsHandle 4712 -prefMapHandle 4840 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e7e1fb3-a276-404c-aed9-1d374a70e963} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 4800 2a29bced858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.6.1894302046\1080732036" -childID 5 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {398134b6-f5d8-4d6a-aa52-8a6fec5a7a4a} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5004 2a29bcede58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.7.253755030\350667306" -childID 6 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff210f33-cdee-408e-8bd2-d0d2693c061c} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5188 2a29bceed58 tab3⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\resmon.exe"C:\Windows\system32\resmon.exe"2⤵
-
C:\Windows\System32\perfmon.exe"C:\Windows\System32\perfmon.exe" /res3⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\System32\klist.exe"C:\Windows\System32\klist.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\klist.exe"C:\Windows\System32\klist.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\ksdydr.exe"C:\Windows\System32\ksdydr.exe"1⤵
-
C:\Windows\System32\ksdydr.exe"C:\Windows\System32\ksdydr.exe"1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\79a0bc87-9289-4828-b86b-d22cf35d208a\3950266016.pri2⤵
-
C:\Windows\system32\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\download.jpg" /ForceBootstrapPaint3D1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\chrome_installer.log1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\026d1a02-fa0e-4291-9639-232e7cae9f72.tmp2⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\AdobeSFX.log1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\jusched.log1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\iexpress.exe"C:\Windows\System32\iexpress.exe"1⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.dbFilesize
14KB
MD5a32627c0bb4eb2b4cd89e5a72e681eaa
SHA18a027374ab717cb3a4f1d836c10e2acc56894d99
SHA256e4fbc3b1334f59edd413505dea5ba7c69506e3b530936fcc1032dc054b0a56f6
SHA512ac311be71365476609c605837c592ee09c37a40f5c3c323b29a7e50a238c9188ca24ab6c55ab853b275c0a8889c31ed21dd6ce834a9a46263b1bccca0e58f93f
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.priFilesize
171KB
MD530ec43ce86e297c1ee42df6209f5b18f
SHA1fe0a5ea6566502081cb23b2f0e91a3ab166aeed6
SHA2568ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4
SHA51219e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.priFilesize
2KB
MD5b8da5aac926bbaec818b15f56bb5d7f6
SHA12b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5
SHA2565be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086
SHA512c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\12953Filesize
11KB
MD566de2e38c42bf02423010e12ed4ee396
SHA146c313014d2770d2bb8b5e82b23d4ef013072560
SHA2564f62f2e2182aeb9ba1fff951dbb328fb15ce2ad3a2621f750e478d8f62368142
SHA512fb04875fce9861052c16d69faab9e4f6457e9ddc3a77eacb5cefce571596ba03f57dcb19f17ca07173b6f5ec93684cc01c12168366b187118e955684296082fe
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1AFilesize
13KB
MD59be6b73a00ae0dfb67258de7d53e2c0d
SHA1d43e2de4f973ee3da7d1b2694ab474c55bde3870
SHA25641d1d0314faaf58b4dcb0d6ffc568bedeae7858a94d4b8532a85e493bdf62f8e
SHA512f339915b764ad1244df8f21c59daed2c7404f44d239c897dcd0c92d993c4305cff19016026801153d351483829ba1aa0640cb2ceab88fe4f6d006202661415b8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.jsonFilesize
237B
MD5031f04743fd1e7986a78799edd5e5cf1
SHA14e6ca3e8cf7fcfd886a22c6fce095fbdf819274f
SHA25680a4e68a1b2f91729091dc912484978e354992af337c3e4156c9510e61810ef5
SHA512c3ea456c4980664836dfb2ff15fce10eabd8402c1505ac0bfd3ef9ee421d2575ab57a696cf71dc9ca14ab638335bc6956a8f01844c39ac66c58758639683e48e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.jsonFilesize
2KB
MD5404a3ec24e3ebf45be65e77f75990825
SHA11e05647cf0a74cedfdeabfa3e8ee33b919780a61
SHA256cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2
SHA512a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF86359FD0988C9851.TMPFilesize
16KB
MD54902e4264b875f8042ed843fc3cf16bc
SHA1cf5271dac283889f0e7a644e454df467314017f0
SHA256722806574b5cf0a5b95017336d255101729d67468e12b0adac2d2942b5217fb0
SHA51243683f55420663b8cb7cb08b29cdbe0ff47f12e8f1b1dbe47552d5497c63a35cfb0c64ed7b0c12c7a12f9f8909e801e3fac240776686a568af38d4e3d7a2102a
-
C:\Users\Admin\AppData\Local\Temp\tmpaddonFilesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-msFilesize
5KB
MD588a967baca69bc6ae29db7f0d7458f2c
SHA157e94e7ce403d88282bf4cad468f0596890977b5
SHA2564f82f2d624684d7e92f38afb2dc48ba44be147ab07a333176909c27548715b09
SHA51258d59cf9efa8b0755acf938bc7995a9719733c5b03e900c29f652aa406a2010dd7453fe8f272fd6eadb1efab393ac61c39869592d8fdfebaacfb716dcedf2863
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.binFilesize
2KB
MD55f4662c6e8ef263ee46cb866f032209d
SHA1ba8b50c0f400e1619785d0e67fb991f6ebe50dbb
SHA256930267d47affdfdb42858614fe5dc8b28a3ad99d030f20e6a3448aab1e99299e
SHA512dacbd15a18e61f5fe63435907dfd9438a8adfaaad10c32cd3ad4c773a9d12be28042a602e2d810d10fbf8fe768fcd207aec231cc756b21c3d69f38e36041a33b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\15d198da-c108-454a-b80e-969199318cffFilesize
746B
MD5fd3787f06e5e236574f6b06d4a18798c
SHA1fa1853467d9cfa6cb354e536773f3f6968308725
SHA256a013ca8eeab8d366e7eeab0b8f445ff453e30e88acc6b701893733f6393c4d00
SHA512bf706f5ff606f207476b62278db38c3f05cddf2362ea11716bfa83a5d3e5d035e47b96801e55e816ed125bbdd96748af45977ed432b6abf1eed17d53e564cfcc
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\e2f61dd4-fe10-4398-91c8-b0be76a7449eFilesize
10KB
MD5cfe0719168df55910dfcb447584bea88
SHA11d95a0ef7aaae5b9bbb741ac99357fe9dc992536
SHA256fb2293abec46c65c9ebcc1fc4db3a0c7d5817500e001a01cb5ae171a8ddaa1f0
SHA512c481ae3c27c284921788cff0ef8713dc307072eb1b4da3f1debe70cbdb14c4e205691cc9462f189c58f58158a309cb9c8d7836303dad73ad206f9996cedbee67
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dllFilesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.infoFilesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txtFilesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.jsonFilesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dllFilesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.libFilesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sigFilesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.jsFilesize
7KB
MD5a57ede6ff9905184210be5a9f299ae5d
SHA1d55af5e6e672c8a7ec28f8992af8702ff50fcfbd
SHA256ff110cc68e2f80c5b8e0a77fa44f209dd708037cd3eaf10f37d2a94fbf3c9534
SHA512c7083b719be387b3981c9082d36601d16e84e7fde6bceaf8ffc6f745ad9ca27253fb4e1ab1015d2a5efb32a974812e92f8c386ccad4a0d059300eded96867818
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.jsFilesize
6KB
MD5a93f2a1f367de74da5104b3b7da8467d
SHA13f4809b467c4134cf1bfa48fc583bec49c542df3
SHA256a2f57f46a59496305dee6c997626548fa3f2ede39420e2d5e87ec3c381e7bb7c
SHA512299a93216a27b27bfdaba287ed34cfce2b8b431e8114eac036e7658ccba72d06d8bcd1037ce4334775ad6f0f46677df5833c8e3ea16835d9cf705cf7daf7dfe5
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.jsFilesize
6KB
MD50feea4039c94f96eec1f16cb028def64
SHA1d10f5d743ce89abbd1f4bc406155c058cc52f4b0
SHA2567216ef13063b985590d2c3c922cfb3529702790e0c426bfaf54a839d9f98a1ab
SHA51273e5fdfbcaf29a1378d4c3cf9dbfd21dba8b840f6696c4f739de3696b520e6bc195a55052993ab1d71354761641b1d41cb5aabfd565a447e57c521e78e1036f3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.jsFilesize
6KB
MD5cff0622fa91b0cac5bf8ad126818deb2
SHA156278751ac16386c76f119bfbc4379dc6dc6ba51
SHA256a071e9bae1dfec2be7bbd6567a3f35bb694e32d0bb8d92e2fa560fd02be7d106
SHA512b0b513d427e4526195ee931fddd7af84af574c063acfa7f1595a37a5d2cb6f4e1286cadde378000dd2c24cf3e2e0ada2629552a473e4baeb371f927cb5fd4934
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD5098e84d75da7828912825603a091d7b7
SHA19476e3f0a554406cc5f3de685b0ad981305d5879
SHA25638b7c5c02c0c8cba714d8f5e06ecdcedda70b7d84877bd76605b686ad2c9f337
SHA5127b81b8ee973be682f426740697ddf0f5ce939da1d0afee6c3be8ca13897c484ff61f29f15a6f514325e6de1742a3b07cf294375a282b6c7e710fcb76df449126
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
8.0MB
MD5568e68ef4ab99174ef26093335e1f719
SHA17e521982df6abfc0446ad65fa82ad61d7bac0352
SHA256d013ff6ca645fc743a207a15189dbec30a6a5ea80fa47765ecf8b03f4fca6eda
SHA512f8a1d357830fa6a6f1264182ba439a1692f00ac880f214c5a260fa194fa9ea710eeafef80ad265a6bacfda4841be467f95e03bf0a1bcc36d45221175d343c819
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
584KB
MD5018b3407fee004e8033f17430ef22647
SHA1751aa5df4b2a4084fbff34150f1eed1ab86a39c1
SHA25671a39e120b76315dd041c47bf73ffad9581b948e6834043df803fad8df1d7e28
SHA51296051feb816c9639b76ee314d00b55c713893fbb6f2d4326feb0e6a98490998d751d36989e236505a61351d96413febe3aa8312a3355e799d19fee6b26e43f76
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
184KB
MD5731c0e733fe1e3123d366af7c8e578ae
SHA19756304ea773dd9cd96e5996dc79de2ed6a9ae9c
SHA2568f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359
SHA512d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427
-
memory/372-299-0x000002848A320000-0x000002848A420000-memory.dmpFilesize
1024KB
-
memory/372-304-0x000002848AB20000-0x000002848AB40000-memory.dmpFilesize
128KB
-
memory/372-325-0x000002848ACA0000-0x000002848ACC0000-memory.dmpFilesize
128KB
-
memory/712-261-0x000001854A040000-0x000001854A042000-memory.dmpFilesize
8KB
-
memory/712-259-0x000001854A470000-0x000001854A570000-memory.dmpFilesize
1024KB
-
memory/712-266-0x000001854A090000-0x000001854A092000-memory.dmpFilesize
8KB
-
memory/712-264-0x000001854A070000-0x000001854A072000-memory.dmpFilesize
8KB
-
memory/3192-253-0x000001B033DC0000-0x000001B033EC0000-memory.dmpFilesize
1024KB
-
memory/3640-225-0x000001DC17A30000-0x000001DC17A40000-memory.dmpFilesize
64KB
-
memory/3640-208-0x000001DC17920000-0x000001DC17930000-memory.dmpFilesize
64KB
-
memory/3640-243-0x000001DC14E50000-0x000001DC14E52000-memory.dmpFilesize
8KB
-
memory/3640-286-0x000001DC14EA0000-0x000001DC14EA1000-memory.dmpFilesize
4KB
-
memory/3640-283-0x000001DC14EE0000-0x000001DC14EE2000-memory.dmpFilesize
8KB
-
memory/3640-290-0x000001DC14E40000-0x000001DC14E41000-memory.dmpFilesize
4KB