36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5

Analysis

max time kernel
142s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
Size

898KB
MD5

0e2e68ee546c58add51d948916b1ec65
SHA1

15f4b7ac02f7806b323c7f41e76ceaec6eb6f28b
SHA256

36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5
SHA512

551568207957dd4b55b228bfc1d3c71267d9c4964524d40689e38a8c30cefdeb443ab56e1dc91545b15a77d0cd1da124d460d987165a678b93ab3826c819cdaa
SSDEEP

12288:VqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/T/:VqDEvCTbMWu7rQYlBQcBiT6rprG8ab/

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
3892	taskkill.exe
3508	taskkill.exe
2552	taskkill.exe
1552	taskkill.exe
4596	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2552	taskkill.exe
Token: SeDebugPrivilege	1552	taskkill.exe
Token: SeDebugPrivilege	4596	taskkill.exe
Token: SeDebugPrivilege	3892	taskkill.exe
Token: SeDebugPrivilege	3508	taskkill.exe
Token: SeDebugPrivilege	3028	firefox.exe
Token: SeDebugPrivilege	3028	firefox.exe
Token: SeDebugPrivilege	3028	firefox.exe
Token: SeDebugPrivilege	3028	firefox.exe
Token: SeDebugPrivilege	3028	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
3028	firefox.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3028	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 2552	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	84
PID 1404 wrote to memory of 2552	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	84
PID 1404 wrote to memory of 2552	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	84
PID 1404 wrote to memory of 1552	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	89
PID 1404 wrote to memory of 1552	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	89
PID 1404 wrote to memory of 1552	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	89
PID 1404 wrote to memory of 4596	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	91
PID 1404 wrote to memory of 4596	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	91
PID 1404 wrote to memory of 4596	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	91
PID 1404 wrote to memory of 3892	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	93
PID 1404 wrote to memory of 3892	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	93
PID 1404 wrote to memory of 3892	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	93
PID 1404 wrote to memory of 3508	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	95
PID 1404 wrote to memory of 3508	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	95
PID 1404 wrote to memory of 3508	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	95
PID 1404 wrote to memory of 3748	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	97
PID 1404 wrote to memory of 3748	1404	36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe	97
PID 3748 wrote to memory of 3028	3748	firefox.exe	98
PID 3748 wrote to memory of 3028	3748	firefox.exe	98
PID 3748 wrote to memory of 3028	3748	firefox.exe	98
PID 3748 wrote to memory of 3028	3748	firefox.exe	98
PID 3748 wrote to memory of 3028	3748	firefox.exe	98
PID 3748 wrote to memory of 3028	3748	firefox.exe	98
PID 3748 wrote to memory of 3028	3748	firefox.exe	98
PID 3748 wrote to memory of 3028	3748	firefox.exe	98
PID 3748 wrote to memory of 3028	3748	firefox.exe	98
PID 3748 wrote to memory of 3028	3748	firefox.exe	98
PID 3748 wrote to memory of 3028	3748	firefox.exe	98
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99
PID 3028 wrote to memory of 1604	3028	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe
"C:\Users\Admin\AppData\Local\Temp\36272524d243d3051cc9adfb870c8170f527b5e048f8562ea1bb4b426572e0c5.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2552
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1552
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4596
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3892
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3508
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3028
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eec7289-1253-4ea4-ad91-1ac8c5d9790c} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" gpu
      4⤵
      PID:1604
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {beba3cbc-23cc-4116-837b-f3e2f6685569} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" socket
      4⤵
      PID:3004
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3016 -childID 1 -isForBrowser -prefsHandle 3276 -prefMapHandle 3172 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b111c9fa-6c5a-4274-ae74-48b1ca6e758c} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" tab
      4⤵
      PID:908
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3880 -childID 2 -isForBrowser -prefsHandle 3356 -prefMapHandle 2784 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0953fe00-0223-46b9-835f-955bab8e8557} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" tab
      4⤵
      PID:1688
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4516 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4512 -prefMapHandle 4532 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2f8adf4-a152-4531-88e0-5f43bb3c55a4} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" utility
      4⤵
      Checks processor information in registry
      PID:1128
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 3 -isForBrowser -prefsHandle 5364 -prefMapHandle 5360 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49f090e7-b1c6-4ce8-8310-91dcd02b7753} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" tab
      4⤵
      PID:2448
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11ece4bf-7f36-489c-b65e-e54dfa864189} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" tab
      4⤵
      PID:5080
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5712 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39faa013-a026-4d82-963d-b7e7e51615c1} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" tab
      4⤵
      PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\activity-stream.discovery_stream.json

Filesize
25KB

MD5
323c185b553a1eb703fa7437ad17c308

SHA1
f18967719cf9c7e82703528d2089b40bd3ab1675

SHA256
b49d84da018d3fff296192b9e30c67a4e3b79f0960e87056d2ea313479ac810b

SHA512
f46a13bed7067c3e5b16d31d8d8018695dfab034a3f363ea4fb50105b48e50c30406806c25556d72ffc6fabe4d77ef303f85a3bea14b51f943e1580015dd90ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
9b42ac45e35f587b7d792daa2ef5664a

SHA1
95880896a4f955ee2021038aaa62a25194479609

SHA256
4b763e5eb91b6adcef8a2b2a9d83124284483aa4bf947942b3e8066457482514

SHA512
6335edd020c2fdf530ecb6cf6a120f1cf512c092dec166798e57709879efacd515abc0e92852f054a88cd3d8ac2cf1b5d26597b9624e93008af0d07510e9a7fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin

Filesize
13KB

MD5
364084f54438220978e3b17ecd483028

SHA1
d1be99ccfa846e0c02c72599e8f10ff90e537a60

SHA256
da55e4e6370ddf1c65daf28b8d7b875d7be8f140b725ab2f27c5f47c8d12f290

SHA512
b6ce593e96951f38f3519b2f1a6198bf5d68e60a9e1d174248cca23798708ec3b09ab87ecfded3b910343133bb2cc6e04dada79566519afe4419449acdd47ab1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b85e9fae529db2f9431caeca5decf195

SHA1
c784bbfaac554dbbcd71b0affb1a16b7792f0208

SHA256
c590092dda2c571a90f144598cfdd49c47820b124a65896da45947bbbaf41280

SHA512
7d6cd98f58e35312d3254a1cb3c7625e997e2eeac3f342da65229facd0a33d58c3ccc7a1f1ecc343992e9e06bcbdecbf85e2761a114211e7985b28baff0fe96f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
9c96695a137af42116db25bec7dfbd21

SHA1
e9fe7d23b8a3074ec146aeab7a81eb48e0e7245b

SHA256
1e4248f6ac8aeb5c9a30b5ed87042d87e695c43d6e68cd345e9539b0a0e4c13c

SHA512
4ce3109b2f7e3563f7733989e470d1cca552a4150a8544ac67b852651a07828d6288a1c1993cf76750344f2480594c9b009f05f434415e7a68f17572fd5adb6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
1a6b68b46cd47be42860c4197c60c906

SHA1
887d61df4bbad4df48b111e80482a75a697d3d03

SHA256
f12e44afb94fbeba8c56008e86d9c73cc70b1b20ff700a93726af2aa5563d879

SHA512
75fc88ac53d176e2054a317d02501543279b5d55ab630dde18a0f9303ea0406351524c9173568b095274228566df4b0a8f5191adde75c991840267d480d0c69e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
ab633129631f7dfe6027173d86c0b518

SHA1
552455fad762bc6e820ad0eee39403528444292f

SHA256
6cf7452877ce35912b5319d1e67d20795b6f3cdde29a89838bf470c29985ee53

SHA512
f2cfa0532767d430c2da34c0ffa5163a702229d57e330de7f2e77df109c59dcabf3bcb3e6fee4cd9a00e8d5a94162176b5efbd25ed52165cae290da0d7c5e213

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a1641ee29d9c04c99b927787d1f83e04

SHA1
de508ede1c7e9fab2c6bca53fc8cc65966e5faf8

SHA256
e94ec50a132ff816694f92b52aa3577d7fdff29ad2a069107c226a71c4e784b0

SHA512
dee315401324f54f01f09d494e7bec2c1c48d647acc5efb85bdce396ad9d27ebf2a733024baa16c6ede685ac5dd3cedb59c673c7d6086ffb444181d16193aebc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\53ee0cc9-9aba-405e-9bcd-60aa4d643318

Filesize
29KB

MD5
bff6baaf80094fc1dfed00eb0707860c

SHA1
4cbcc8f6198ebcbe3eeefb99c0b0cad5ef5cfd52

SHA256
564de5b7b493563fb24d03425d89c398be7cf3978bfcc45074c4c33d919a356c

SHA512
d04d98f3d2b3745cb48b1b66ffe81ebe895d742482e300e22f973fd273853796badaf291f250d4a9327daece3d17742ce880677589172d50e21f16845bd9d097

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\cb96027c-948f-49f7-a5a0-e41dc63a2a2b

Filesize
982B

MD5
c9b44b62e337d812fcb225fc10a9204d

SHA1
deac83aa904fdecdb5d19186015cb1fcdf0e8b56

SHA256
2a76128380dc01f1ed5c6ffaa2b9620ee8a9362cf4d1431ea0b5815b96c9fb08

SHA512
c55c5585eaa847430177e3c8adba233081b8e7170e8c602a89c04fb0bef47290390f1049dae642a47d1ae93cd45aec239d3ac00a1a83971ce332a3d61fad85c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\eb0f8f86-53a7-4e13-b129-e7ca059d58bc

Filesize
671B

MD5
a63c2d2775722b747661943c9fb874c7

SHA1
d450c081068c51a453ba978b87cc173f46d91c65

SHA256
489d81d9c86dd999a53568e281805c5a1e5be590a5fc5ea298ee7e131a858a8b

SHA512
fae3e6e40b762cf6dcb7d8b6bd52af7ee0a71ff13e4c9b79fb43171d7990dc4ea22fb0e02e014ca7143a074c77cd19212c524187f730d3e9c907571f678d71f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

Filesize
12KB

MD5
ce625fc3abcbdba0f5e4d6bda93fb55a

SHA1
3f36d0fcb3898fcca31eb3560d2577b6b978412c

SHA256
54109736cb0d0c793762cb79a0c6ca38dbb8ba57e1a4c62173ce04358a38dd3e

SHA512
2a287a5274969b1d6c0ada5e9a0ae6e31d063a48cdd37188836138550f4d47ea525e6220959f08252f92d659ec477a02aeb68508528cc7db094cd03efc165757

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

Filesize
16KB

MD5
0ab758dacffc48893f11138e657cf777

SHA1
23cb25ae89a3a83c121376d4653e5f75388b537c

SHA256
4c6e63ad63bbef62532f47389cdcfff86cad3414472b4189e84a3b24f3aaa4b5

SHA512
e451b856df48ef5b1df26b65910daf8906708549fe229285b30258e8b7d5c44103d938936b143dbe5a51caa00d3cb4dd03dd2bab21a9f0a4ddb2528aecd062e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js

Filesize
11KB

MD5
c7187c4dadb2a8511d70c86c0087c2ae

SHA1
a17a8af846d4b98033f58465479025c21b22b53f

SHA256
d82eee5a908379c81a01cc10f21c5cfc62cbe635317e5d55045840b59431d284

SHA512
84cb3355f5d6e6136c55867e0162f6f09fd5edad212fe4474aafcc0ecd8f042366e3143c9bbf3289cb4b64755b901cf99b37a281961a653347128f0c513c2a55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.3MB

MD5
af946020c015762d2353879ad8b2cc39

SHA1
d371269b09086a0c2c1fb366fa60f0b3b239f120

SHA256
c0dbe1d58d8698b180708ed27c1a520a4a832992369df425cd027ba9c70cc03f

SHA512
1552ad4983ace7ca04024a513965148e83a7a7a7192913ad9e68896c237365330d77b2e7a544fb5d291d2d8ad55fca51669e8b96492f51b7a108f7742e40e24a

Download Submit