Analysis Overview
Threat Level: Known bad
The file https://mail.voipmessage.uk/XYkpZVE11d3Y0NlBISHc3WGc1elBvMTdoc0poMDhEZUYvU3lxUmsvREdrcFk4REZDNXFLdkgrS09XZm9CclVUSC9VeGlXczVkQ1RCYmFadHFwN1VEV1RpaDdnRXJXUlRsSjA1b05zUkZMMXlzVTlhcDFTUHM5NDRiejdBNC8vdlZZQVdpMEtZTUsrMUlITUlWbE5QSTBEWko4dHpsUGlEb21VaE1SQ0FZVFJuLzRMdmNBRzc5dG13TitYdG9XMHNOYXh4WEVyND0tLWpGR3ZJSWlwM3g5VDJpdjctLUdqc040UVA2eUlqL1B4amJEakl5UUE9PQ==?cid=245186913 was found to be: Known bad.
Malicious Activity Summary
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 03:09
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 03:09
Reported
2024-05-29 03:12
Platform
win11-20240426-en
Max time kernel
121s
Max time network
143s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://mail.voipmessage.uk/XYkpZVE11d3Y0NlBISHc3WGc1elBvMTdoc0poMDhEZUYvU3lxUmsvREdrcFk4REZDNXFLdkgrS09XZm9CclVUSC9VeGlXczVkQ1RCYmFadHFwN1VEV1RpaDdnRXJXUlRsSjA1b05zUkZMMXlzVTlhcDFTUHM5NDRiejdBNC8vdlZZQVdpMEtZTUsrMUlITUlWbE5QSTBEWko4dHpsUGlEb21VaE1SQ0FZVFJuLzRMdmNBRzc5dG13TitYdG9XMHNOYXh4WEVyND0tLWpGR3ZJSWlwM3g5VDJpdjctLUdqc040UVA2eUlqL1B4amJEakl5UUE9PQ==?cid=245186913"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://mail.voipmessage.uk/XYkpZVE11d3Y0NlBISHc3WGc1elBvMTdoc0poMDhEZUYvU3lxUmsvREdrcFk4REZDNXFLdkgrS09XZm9CclVUSC9VeGlXczVkQ1RCYmFadHFwN1VEV1RpaDdnRXJXUlRsSjA1b05zUkZMMXlzVTlhcDFTUHM5NDRiejdBNC8vdlZZQVdpMEtZTUsrMUlITUlWbE5QSTBEWko4dHpsUGlEb21VaE1SQ0FZVFJuLzRMdmNBRzc5dG13TitYdG9XMHNOYXh4WEVyND0tLWpGR3ZJSWlwM3g5VDJpdjctLUdqc040UVA2eUlqL1B4amJEakl5UUE9PQ==?cid=245186913
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4992.0.1077632215\1587581086" -parentBuildID 20230214051806 -prefsHandle 1804 -prefMapHandle 1796 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37966f49-105c-4316-8eb1-9196fd50dfa4} 4992 "\\.\pipe\gecko-crash-server-pipe.4992" 1892 1a640804d58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4992.1.365450242\1599027186" -parentBuildID 20230214051806 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e604bed-4885-479c-b017-daf39535024c} 4992 "\\.\pipe\gecko-crash-server-pipe.4992" 2440 1a62c58d858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4992.2.98445500\259118937" -childID 1 -isForBrowser -prefsHandle 1284 -prefMapHandle 1400 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d64889a-5580-41a1-8e62-8cf8bce11b8c} 4992 "\\.\pipe\gecko-crash-server-pipe.4992" 3004 1a643841e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4992.3.1443397127\1789583092" -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1f4569e-c91c-40c0-b902-56c446f0dafc} 4992 "\\.\pipe\gecko-crash-server-pipe.4992" 3644 1a646682b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4992.4.1368656260\376850529" -childID 3 -isForBrowser -prefsHandle 5208 -prefMapHandle 5204 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e129d24a-c903-4364-a09f-ac56c188eaa4} 4992 "\\.\pipe\gecko-crash-server-pipe.4992" 5220 1a6481a8b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4992.5.1091605651\363990723" -childID 4 -isForBrowser -prefsHandle 5432 -prefMapHandle 4904 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56da790c-35bb-4f1f-97e1-08bed90b0df4} 4992 "\\.\pipe\gecko-crash-server-pipe.4992" 5240 1a6485bf758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4992.6.369098630\1879850311" -childID 5 -isForBrowser -prefsHandle 5588 -prefMapHandle 5584 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82cf0948-df5a-4fca-862f-d52135cfd093} 4992 "\\.\pipe\gecko-crash-server-pipe.4992" 5596 1a6485c0f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4992.7.952982834\1505639834" -childID 6 -isForBrowser -prefsHandle 2884 -prefMapHandle 3120 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22874ef4-0403-4203-a1af-f7f5a3ff86bf} 4992 "\\.\pipe\gecko-crash-server-pipe.4992" 3064 1a648e10e58 tab
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 03:09
Reported
2024-05-29 03:11
Platform
win10v2004-20240508-en
Max time kernel
143s
Max time network
150s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://mail.voipmessage.uk/XYkpZVE11d3Y0NlBISHc3WGc1elBvMTdoc0poMDhEZUYvU3lxUmsvREdrcFk4REZDNXFLdkgrS09XZm9CclVUSC9VeGlXczVkQ1RCYmFadHFwN1VEV1RpaDdnRXJXUlRsSjA1b05zUkZMMXlzVTlhcDFTUHM5NDRiejdBNC8vdlZZQVdpMEtZTUsrMUlITUlWbE5QSTBEWko4dHpsUGlEb21VaE1SQ0FZVFJuLzRMdmNBRzc5dG13TitYdG9XMHNOYXh4WEVyND0tLWpGR3ZJSWlwM3g5VDJpdjctLUdqc040UVA2eUlqL1B4amJEakl5UUE9PQ==?cid=245186913"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://mail.voipmessage.uk/XYkpZVE11d3Y0NlBISHc3WGc1elBvMTdoc0poMDhEZUYvU3lxUmsvREdrcFk4REZDNXFLdkgrS09XZm9CclVUSC9VeGlXczVkQ1RCYmFadHFwN1VEV1RpaDdnRXJXUlRsSjA1b05zUkZMMXlzVTlhcDFTUHM5NDRiejdBNC8vdlZZQVdpMEtZTUsrMUlITUlWbE5QSTBEWko4dHpsUGlEb21VaE1SQ0FZVFJuLzRMdmNBRzc5dG13TitYdG9XMHNOYXh4WEVyND0tLWpGR3ZJSWlwM3g5VDJpdjctLUdqc040UVA2eUlqL1B4amJEakl5UUE9PQ==?cid=245186913
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.0.1787772350\477803263" -parentBuildID 20230214051806 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ae7c32f-b7e2-447a-aea7-bb482a0dedb1} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 1840 21ff7504a58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.1.934152003\1858771446" -parentBuildID 20230214051806 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e98cf647-3dec-40a8-9c83-fa0ea7e3989d} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 2488 21fea88f058 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.2.176909289\1421496427" -childID 1 -isForBrowser -prefsHandle 2768 -prefMapHandle 3012 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4c845f8-ccfb-4ec4-8a02-5362f1c8a402} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 2972 21ffa43f558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.3.170168981\823254839" -childID 2 -isForBrowser -prefsHandle 3816 -prefMapHandle 3812 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dfd68e8-995f-4ca4-9605-f054c2360fd9} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 3828 21fea883358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.4.392369256\1785862878" -childID 3 -isForBrowser -prefsHandle 5256 -prefMapHandle 5236 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67e7a8fb-49cb-41da-821e-78f9a3ff4559} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 5268 21ffdf43358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.5.975401086\1375819887" -childID 4 -isForBrowser -prefsHandle 5400 -prefMapHandle 5408 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f9f4a56-99e8-4174-8a00-332b2837b243} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 5396 21ffdf78658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.6.1664111162\1741770416" -childID 5 -isForBrowser -prefsHandle 5660 -prefMapHandle 5656 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {251170ac-3e69-4983-aaf9-c4c64334b3d5} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 5668 21ffdf76558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.7.1509484562\1014140666" -childID 6 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b44722c4-3c8c-41df-b2ab-6a4a5b540fff} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 3176 21ffe80e358 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3824,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4172 /prefetch:8
Network
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig