4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8

Analysis

max time kernel
130s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 01:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
Size

897KB
MD5

7ed7f53980d661ce4c366fcb99a79136
SHA1

eb683c038438a3a2083ddd7e8c6414dbd7ee8fc3
SHA256

4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8
SHA512

c64b37542a080c1f2660d0d915f373667a2a7d47dadfa9ab14142239c6af818e98a233e4924c81b6c795a34935fa2cd3af6dd20875b037b6733127fd4aed2ad9
SSDEEP

12288:dqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaxTH:dqDEvCTbMWu7rQYlBQcBiT6rprG8aFH

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
1880	taskkill.exe
2704	taskkill.exe
1420	taskkill.exe
4420	taskkill.exe
4624	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	1880	taskkill.exe
Token: SeDebugPrivilege	2704	taskkill.exe
Token: SeDebugPrivilege	1420	taskkill.exe
Token: SeDebugPrivilege	4420	taskkill.exe
Token: SeDebugPrivilege	4624	taskkill.exe
Token: SeDebugPrivilege	972	firefox.exe
Token: SeDebugPrivilege	972	firefox.exe
Token: SeDebugPrivilege	972	firefox.exe
Token: SeDebugPrivilege	972	firefox.exe
Token: SeDebugPrivilege	972	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
972	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 1880	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	83
PID 1052 wrote to memory of 1880	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	83
PID 1052 wrote to memory of 1880	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	83
PID 1052 wrote to memory of 2704	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	89
PID 1052 wrote to memory of 2704	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	89
PID 1052 wrote to memory of 2704	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	89
PID 1052 wrote to memory of 1420	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	91
PID 1052 wrote to memory of 1420	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	91
PID 1052 wrote to memory of 1420	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	91
PID 1052 wrote to memory of 4420	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	93
PID 1052 wrote to memory of 4420	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	93
PID 1052 wrote to memory of 4420	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	93
PID 1052 wrote to memory of 4624	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	95
PID 1052 wrote to memory of 4624	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	95
PID 1052 wrote to memory of 4624	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	95
PID 1052 wrote to memory of 1984	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	97
PID 1052 wrote to memory of 1984	1052	4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe	97
PID 1984 wrote to memory of 972	1984	firefox.exe	98
PID 1984 wrote to memory of 972	1984	firefox.exe	98
PID 1984 wrote to memory of 972	1984	firefox.exe	98
PID 1984 wrote to memory of 972	1984	firefox.exe	98
PID 1984 wrote to memory of 972	1984	firefox.exe	98
PID 1984 wrote to memory of 972	1984	firefox.exe	98
PID 1984 wrote to memory of 972	1984	firefox.exe	98
PID 1984 wrote to memory of 972	1984	firefox.exe	98
PID 1984 wrote to memory of 972	1984	firefox.exe	98
PID 1984 wrote to memory of 972	1984	firefox.exe	98
PID 1984 wrote to memory of 972	1984	firefox.exe	98
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99
PID 972 wrote to memory of 3888	972	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe
"C:\Users\Admin\AppData\Local\Temp\4b2ac62d4a1a497ad316b511421230a55d679dd98d0f3512f6a9c77f14252ab8.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1880
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2704
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1420
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4420
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4624
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:972
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8886d424-b3a7-4e68-b070-6f9648602bf4} 972 "\\.\pipe\gecko-crash-server-pipe.972" gpu
      4⤵
      PID:3888
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cc8fb80-8f0a-49b0-aa52-0880217876c0} 972 "\\.\pipe\gecko-crash-server-pipe.972" socket
      4⤵
      PID:3704
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2892 -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 3088 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da9db47c-b064-4e88-a622-87e90cf789d1} 972 "\\.\pipe\gecko-crash-server-pipe.972" tab
      4⤵
      PID:2984
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3932 -childID 2 -isForBrowser -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73a7cd43-7ba2-43d8-86c2-4163fe521ac2} 972 "\\.\pipe\gecko-crash-server-pipe.972" tab
      4⤵
      PID:752
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4864 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4848 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7523034-a0f8-4fcd-87fb-b158eaaade1a} 972 "\\.\pipe\gecko-crash-server-pipe.972" utility
      4⤵
      Checks processor information in registry
      PID:2132
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5256 -childID 3 -isForBrowser -prefsHandle 5320 -prefMapHandle 5316 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ed6ae59-449d-43f1-82c3-ac41da195d93} 972 "\\.\pipe\gecko-crash-server-pipe.972" tab
      4⤵
      PID:4388
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 4 -isForBrowser -prefsHandle 5504 -prefMapHandle 5500 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42b98840-6a31-4901-903a-0d011c49a6bc} 972 "\\.\pipe\gecko-crash-server-pipe.972" tab
      4⤵
      PID:2872
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5644 -childID 5 -isForBrowser -prefsHandle 5400 -prefMapHandle 5408 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73ccea25-06eb-4ec2-93ed-877e0e56af93} 972 "\\.\pipe\gecko-crash-server-pipe.972" tab
      4⤵
      PID:1580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\activity-stream.discovery_stream.json.tmp

Filesize
19KB

MD5
36f27bb94def9898c358cf1e26fc1fcb

SHA1
edcdf9e0342ae0eca90dfba51a684677d712230e

SHA256
4f9c7e10fa03adbe0812aeff2668b5220550f4d53a32c2bfb212867ef94622fd

SHA512
825206bda6b8bc2a4ad22d38b5393264f9ec3c7a615823e16ad299fb30329e6882c4c7809b4a940c9a4938aa909654a07382c58e88771febac79e32d9f81626f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
31ea44410b635236e6c85c7e654c4d30

SHA1
28b6ead9d12ac340229dd97c56182a4c23fac36b

SHA256
b13d64bdad6a4a8e8e03018e975020fc4a2f080721f75e1a6c94d713027c2c8e

SHA512
1f85f642a14608fa0c835fa3a321adc334207154ef676aad8f40c730751e985cacf70bb8b666198ce876da4cd8b10f8c5c9d7f77c0a388a6d723338869228942

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

Filesize
13KB

MD5
5bcb3f718a3d135a7e4ad7dc8ccbf8b7

SHA1
461131b80f067c0abc82470211e20e7c543f63da

SHA256
9cd6532a8859742997b8304b95a842ff7a6483cfbfdb84b23af100806e24aa63

SHA512
bdeddb847c5b92dace723f09e29ca5c843f4c48501e10ce63094d299ea7d49f80097fbb91d5bf79568b1e7528318c2cdd106cffd11c9895b7d67ecaf68f75983

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

Filesize
18KB

MD5
a8289d7fd7e214a38ee4de08faaf1cd7

SHA1
4b8560f053d885534746eddb8e822fbeae477e46

SHA256
6068c788430f7b2ba2fdf4a97473d244261011f1fc367bfe3b5886b2e3023871

SHA512
b465095efebf54563860b6c198bcaf4381f47bdb65a852773d7fac7367ebc682f39f085df8722276ab465d634ef5230b8ee56a373cb45642c6c5e083bd6c7279

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
cb78fb98835ab625e1300e9979f05d16

SHA1
605046d5d3623d036d12d631948f0a40b8601a22

SHA256
19e3405397d908db27464fb0b6f31b2050e5410a1d91d846a98215efccb6db12

SHA512
40d7ac86ac3149b98aa2616e8ed1b184aae01601e1a55948806ba778b539a57e10029dfb16651a33dbc58b9f953b642339b85ff21c112066dd5aca0fb3e79ef8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
7b88ee181ef09eb84f61b5ad64b5e12a

SHA1
f629afaa2b35a30b6107cab91c02062af7542634

SHA256
df078cb297c7eaa00419cb3dc691bcd5de6b7ae78e8d4938bce45a0e4a493e84

SHA512
6c08c84864f07f082cf71eb4bae53e642272f5cfc88a077ac82c1a087b26bb2988d58391725d5a78e8acf994c12b2e5793ba8e4196d6773b05be96c6ba1de25c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
037e93578338a5dfec6b5e32a91e1a73

SHA1
9d773ed74ff9b39e97b9cead69cb1211b3c06e71

SHA256
344a6d76ee0c064a69ee9c797cadb201232996ad923ce57a42150f589043653b

SHA512
c035eafa2d9ce3b3654737cf95c4e6f03cd89bc81a270f3d98d21cb318e2ce21a3cbf45b8169bdfb182d90b89e84c5d4bbde28224d690c6bab58379c1739edf2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
4fc51e41a24a1fe255be01c883b61629

SHA1
1a74605d9cb94dca390165ed82c2216d97c5dd32

SHA256
472f6a271021b4b6e83cf9691a466108410a066505147814de0c5e7d814d7a70

SHA512
5a0e117bac6566845478fef3b3367ba7069400a7b2b8af5f95ae963c0e14f76a4c442cedf4d7258a4d4590184c9fb81085f16dca6798d7dcc8bd3d77b4e9160a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\0cf44983-f95c-49b1-adbe-a6f504829d5a

Filesize
659B

MD5
783df0c5e487f8623d5f088706b2ecbd

SHA1
000d5bc8a02ce514b7be35c958982e2ede45f95c

SHA256
ca7b9c84f939f93e9d76d904afaa08fdcb0ba42f26d89076967f9593df077fd2

SHA512
2241e61a10fe39c72933d6438c4884a58a0bf8eedfe24f32a51f802c5771c999035feaa2e3a51f6f15e31b0a5733e64e220a61a4e385cee27348f3d1f9e50a4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\f0e7ccaa-f9a6-4387-ab61-76197a886af7

Filesize
982B

MD5
5a8bb0b53091c3627dc15cb3e4342b49

SHA1
b3d963ecff869067c2bea92f74838ab98a1abeed

SHA256
b77cc3fe27b03b64974fa47922860f2570218f210ed57b956442dcb8f7755140

SHA512
d4f4f85f9f4e1211a50c554f29ae048c95b5ca20d4836efc921eca298fc22bb40d30a3436ae6202c5ef6639dcf19942810b0954e31fdf8c81fde2b2552984235

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js

Filesize
16KB

MD5
78a9e898c718042e645160751cf629fd

SHA1
94458e5b9c8fb04b67bfe1130e46451b28637671

SHA256
de05cd9e496e7e7716046a9d92d5823397c9821fcefc156e0a12fad1476ad5f3

SHA512
e40539a5a2a909bb348612bf369db45ef308ce24dd31a4b91c26b18e45c5efffd0040ad968dcab41a87ef6a11997d2cff0afa31e2b98c4637ecf34a9337c686f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
10KB

MD5
8989bf24483440d5c7a3a0147bb0be49

SHA1
f9420b01470f130226b036889135c927c85f54d7

SHA256
84af7fdfa9e2358bd08b13468f8b4300501a9c108379bef73107d2d1602d93b2

SHA512
e68eca92b29504e05bc5d00833f434d8bcf282419af732db660aab3add933ab5a9ca66ff5f57e4eac23fa3c7a9c302c19290148695be34f42d32437a6f749656

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
11KB

MD5
471ac0822b8091c53cc426b6f75278ff

SHA1
57b2e41b8ac1f3b90a22aed7dc19ee05e4aee86c

SHA256
f3751c9e9d4e05970376e2d3bb0ade236f45be95dad54d4946202548803507cb

SHA512
769dcab257ee856b6488f13a72020140c76f5f3019f3bce06b6d53024b74ca1d95f62c8df6518c29daf37b89fc4c3552bbe3717faf95c63843f7de33f01f3c46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
13KB

MD5
5fed45d3e451ac2c58dd26a646da2d7b

SHA1
0400b00523d52ff5468b60ec401e935480c28865

SHA256
656b94f2e523c1fcb4df28309e2d0b4b309d3ff6d7bececdc4373ba6c5cdeee4

SHA512
820a3870b731ced8a6a150dbdfd0ae4e7f5b6b0de4469a03b422185165099cd5658a3f741b322126ae075c9ee8a3cbc028723789d647d70b02513d2040132cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.1MB

MD5
335c3ad0e9a0f653aaac4a3fbda65b52

SHA1
fc82e8ece29d4bbdb3dbe60bd827d4c28b4184bf

SHA256
ba2e26944db9cf6f8988684f4157df1ef19ac6aa5c7432b0c7e784e74952fca5

SHA512
ec5c5886ccd122912da87a56a77c097d4761e9c154f7f061792e48fefd4118b5e607c50bc6973514d31bd4b8a4b208872d5a447567f5225aaea989193e540ba8

Download Submit