c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d

Analysis

max time kernel
124s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
Size

897KB
MD5

88f5ee9048198b17b68c8c960b6888ce
SHA1

d0e82acbd32a243dd71532c07dc2c0b3058f05a3
SHA256

c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d
SHA512

1d43b60b063ccf3ca3145669f08f117873a83b6391d40abc04b986d99e7140dca1deb48d711761860a0fd8eace74108897659dad9cd048add98977cd77df6c36
SSDEEP

12288:tqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaxTZ:tqDEvCTbMWu7rQYlBQcBiT6rprG8aFZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
3464	taskkill.exe
2296	taskkill.exe
3528	taskkill.exe
1424	taskkill.exe
1316	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3464	taskkill.exe
Token: SeDebugPrivilege	2296	taskkill.exe
Token: SeDebugPrivilege	3528	taskkill.exe
Token: SeDebugPrivilege	1424	taskkill.exe
Token: SeDebugPrivilege	1316	taskkill.exe
Token: SeDebugPrivilege	4732	firefox.exe
Token: SeDebugPrivilege	4732	firefox.exe
Token: SeDebugPrivilege	4732	firefox.exe
Token: SeDebugPrivilege	4732	firefox.exe
Token: SeDebugPrivilege	4732	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4732	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 3464	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	87
PID 2628 wrote to memory of 3464	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	87
PID 2628 wrote to memory of 3464	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	87
PID 2628 wrote to memory of 2296	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	93
PID 2628 wrote to memory of 2296	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	93
PID 2628 wrote to memory of 2296	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	93
PID 2628 wrote to memory of 3528	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	95
PID 2628 wrote to memory of 3528	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	95
PID 2628 wrote to memory of 3528	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	95
PID 2628 wrote to memory of 1424	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	97
PID 2628 wrote to memory of 1424	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	97
PID 2628 wrote to memory of 1424	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	97
PID 2628 wrote to memory of 1316	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	99
PID 2628 wrote to memory of 1316	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	99
PID 2628 wrote to memory of 1316	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	99
PID 2628 wrote to memory of 3360	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	101
PID 2628 wrote to memory of 3360	2628	c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe	101
PID 3360 wrote to memory of 4732	3360	firefox.exe	102
PID 3360 wrote to memory of 4732	3360	firefox.exe	102
PID 3360 wrote to memory of 4732	3360	firefox.exe	102
PID 3360 wrote to memory of 4732	3360	firefox.exe	102
PID 3360 wrote to memory of 4732	3360	firefox.exe	102
PID 3360 wrote to memory of 4732	3360	firefox.exe	102
PID 3360 wrote to memory of 4732	3360	firefox.exe	102
PID 3360 wrote to memory of 4732	3360	firefox.exe	102
PID 3360 wrote to memory of 4732	3360	firefox.exe	102
PID 3360 wrote to memory of 4732	3360	firefox.exe	102
PID 3360 wrote to memory of 4732	3360	firefox.exe	102
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103
PID 4732 wrote to memory of 3952	4732	firefox.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe
"C:\Users\Admin\AppData\Local\Temp\c5f4d028a2f24deaf15cfb7f0113caea6b5ab0b92b6bc8137fb28b2bb9b4f31d.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3464
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2296
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3528
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1424
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1316
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4732
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31fa5242-7d08-4391-95ea-f6d7805af3be} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" gpu
      4⤵
      PID:3952
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2336 -prefMapHandle 2344 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea25bb49-df2a-4e92-b75e-824fb176982e} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" socket
      4⤵
      PID:4884
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3336 -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 3128 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {806f6049-3bec-4ed3-b196-54ef0d721a72} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
      4⤵
      PID:800
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3864 -childID 2 -isForBrowser -prefsHandle 3840 -prefMapHandle 3836 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e392ba3-a855-4736-96c7-c4cbcc473bfa} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
      4⤵
      PID:4836
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2724 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4544 -prefMapHandle 4496 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2bf17d4-ef7c-4e67-b9b8-fc5b0a9744c5} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" utility
      4⤵
      Checks processor information in registry
      PID:1192
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5376 -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 5356 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2828861d-4f83-41aa-8b19-4b0261c6f21f} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
      4⤵
      PID:3600
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 4 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0998f420-7e3b-4ed9-8597-f0e479b27b0b} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
      4⤵
      PID:2488
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5692 -childID 5 -isForBrowser -prefsHandle 5700 -prefMapHandle 5704 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aff29a88-0fed-415b-9be4-fdfd9e167233} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
      4⤵
      PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\activity-stream.discovery_stream.json.tmp

Filesize
25KB

MD5
b78672cb35f9c987731710472aa57bfc

SHA1
087b5497853b98b8766fa3f0f2c58e3ef27035f3

SHA256
cca459b04fabb1d4f36fc2a9314616c3d01a281eba5fce8211f6b7f480e0ff56

SHA512
9d8455298e382aab60ab231759baadf44c5057bb8cc30a586d068318eba359b85b3cc2f6e4fa4ae5974a7a6e37ca785f4be00b18f6ad7722e3dc18fd2d587200

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
f9565a9ddbff5e619242cf8e892b5e71

SHA1
3886efd500f798a8eaebd405b9cd52ff7a11e93e

SHA256
ddffe762b8d8d13534c6b04da54076a1621f71d6fa466330a9df39816f7a21c1

SHA512
b2b3fc86c3accd60bb46e71ae19ff5ea054aa0a67051722b052584a7ebaceb82dbb9a0647abfc0209c6a720b0ca1fe60f55621a844cce0821a27b2d4fb707813

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
12KB

MD5
6b2452498b99d0771c921e2cbcc6b8a9

SHA1
89570073323558ba51c73793602d155dd861ac53

SHA256
e166eb8065a8a9aa76629c08e2ab95611f9fbe501cd5fd2ee5fdb38775ace2c2

SHA512
2106cc098739ce7eeb83cea89ecf0427b9c3cc4f1f9c0de5070ae16ea835b89d5695b6c1713760aa060755fd4a78287d05054e645a92ee7060431c78e2ed89ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
555f974307cbc2a714c88a01cf427658

SHA1
10e83cf7339f90624fdc67e0ffcb0534572a8eba

SHA256
6b711a463388dff5384ccf4d4aa42ca660cd9b428617367bced6257f8ac44309

SHA512
484e57de17f32395f611c579ebfd90ad39bd0dc4f6c9cc750b0ae5b7b9586ca594455495e194e357ce4f66c72ecbefb102f502d6f8d80848195b527533ffb384

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
735c636889c68a5de4b5d184e354f3e3

SHA1
df8d97c7611e7c7c535ccf008c54a078bb8d6d0f

SHA256
f3ae62bc20df2047c4eb4f759f1fec0c362b848b8e3f30a6c8514b53bc355666

SHA512
a7d2f579e0f69fbda76c469b9786a070ca9966c1bfac56c6796099aea203b2f406f4ce58d7b23ac0e7f4cacb749f8d84569aae212ad52902998cb0b8f92fd78f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
645f8ca7b373dad9401498772c455e89

SHA1
485761e0e9d38d4167656de906da8a8eb8916981

SHA256
589523ef84ee35ece4844c853ef52ac732dec174392ec98def03597b3169feb4

SHA512
41fc810e8e56d2dc085829cd1e54b5523fedb7b1b4d8dc60eb5099bf00e65471896020b12bbb5f98ba4a194b759644395e891cc3febb57953544e4f82dd3a6a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
cc0ad44ac025954af44bccb3a1bd17c8

SHA1
bec86083c14f79f41119974c249980b044cd5908

SHA256
813a7a81278a085e2271539730fe365ab6e6c041d18845b0e60ed64ba21400b6

SHA512
a1f9d549ca8b94d10971bc3482031899871266c6593805e4ed8557e61dd5d29fdbcbb4dea519e13c74973c7f96c55ea348bda4fe64e48b9b7cf829571fbf5085

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
4252bf1336e63c845adba1437c7f5896

SHA1
ccce6ee4d55ec8d175ea1943783fd2e4df0fb910

SHA256
18a78d2ad78987e32b168049a72f78c21eada6bb9ec5a1a5bcc4b5702d6b1605

SHA512
77f01085d69dc0ddb091b4d8563fdfdee542773885100868afb6762eca053a94a6fd7bc67c8ccc9a900ccb20a49893336a05b3b18e4b7ea17acd85e08bc3e28d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\3d39ee7e-32e2-41b7-b53c-ee6f0a515a8d

Filesize
659B

MD5
07238308e1729a0b4176cae0d0d71ddb

SHA1
dc4ee58a35ec56719e8fc8872f0c1afe6defa1b3

SHA256
ee8b3238984231fa4aebb9eb638046fc911c6fa2c1629c17a09c415ac3ed2810

SHA512
84fee61a6ba7d18d55b833487241ca6cabc274ef6a094bb7e362db5b7b1ab43c5f77a9faf561e72f8755cae992bb48778fd496dd96edd076bda5d3596195ed18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\8d68aeeb-98f4-46b1-8bba-3754edd9c440

Filesize
982B

MD5
881f0e77985050abf3383c3366d85ab4

SHA1
e14708a8835e29f48c7e612166e6471d74257c70

SHA256
025c7bef9e2faf0fc9ef0771b6fa7f1d76c47d1ef88170b46ed6ea9fc3a68228

SHA512
e29962acb5c9c757f5ee9ed44e02e2c08f5bd53ccdfa9c492def5c9599dbfad92de38a5d40a454e225721161cdbdfb8612ea6806a380f4bef3b823782341d578

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

Filesize
12KB

MD5
9745b4c258cdb1ba25c613957b9d16bd

SHA1
3b46b56e06fd03a4adbb1866e994f394d50e294c

SHA256
3b359489bbefea99cbe351bf53102b54b3da75fd48fce73f0f6d889d59338757

SHA512
66046e9533b2704460ce71c307dedbc88ffbaeebcec29b45483ea68e3bd64caca5c0fc846290c539d1e7b463fb2e8d8642699dd8cfb4999b6356c2346453bcd9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

Filesize
16KB

MD5
eec613812a7c25956cfb66ffa18fd029

SHA1
7c8e322bb7caf58450b9252dc17fb4dbe407f654

SHA256
ff8a86d9e5b5d252f17191dc868fbe096d54ec0d86f1e0e367f4027ebe191c84

SHA512
64d8d206868314dd6c22c24638af9979d61443e4ed84429255b41688f6da7662a6f908ac9c9389923723509befa89d3f21990f429aa47cf2fc78c33b158741db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs.js

Filesize
10KB

MD5
32922ecb89b051ba55847016351d69a5

SHA1
9dc0e601cdbe468d5a976c7799574d74b5d1bfed

SHA256
59fdcfe3a39ac30ded3eaebb608a49ab979b223e15321b1466db58d3dafc0fe7

SHA512
8184b63f9a125f2ed4b888f55f1c2bacfcdccb45aefd303b50429a0d2597e5fef712ce43d629c2415688a219e5e9bfa2de34dd3e61b6202f0492bc958b2540c7

Download Submit