9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77

Analysis

max time kernel
131s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
Size

900KB
MD5

8f6180bcac221bb08165e3a330d3d417
SHA1

17f55e1c98ba7d7e9adf8db786a1db0d6c88fb66
SHA256

9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77
SHA512

a99dca636d69ae757793bc4583357619ed52909ea180d686f72a1bcc35520d76e9027f54f8dc9e76b3f4eb7a15103682b05bf394a33327bab34da2d9cd066ded
SSDEEP

12288:JqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaDTq:JqDEvCTbMWu7rQYlBQcBiT6rprG8aXq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2132	taskkill.exe
4588	taskkill.exe
4888	taskkill.exe
4492	taskkill.exe
2320	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2132	taskkill.exe
Token: SeDebugPrivilege	4588	taskkill.exe
Token: SeDebugPrivilege	4888	taskkill.exe
Token: SeDebugPrivilege	4492	taskkill.exe
Token: SeDebugPrivilege	2320	taskkill.exe
Token: SeDebugPrivilege	2936	firefox.exe
Token: SeDebugPrivilege	2936	firefox.exe
Token: SeDebugPrivilege	2936	firefox.exe
Token: SeDebugPrivilege	2936	firefox.exe
Token: SeDebugPrivilege	2936	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2936	firefox.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2936	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2132	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	83
PID 2676 wrote to memory of 2132	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	83
PID 2676 wrote to memory of 2132	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	83
PID 2676 wrote to memory of 4588	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	90
PID 2676 wrote to memory of 4588	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	90
PID 2676 wrote to memory of 4588	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	90
PID 2676 wrote to memory of 4888	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	92
PID 2676 wrote to memory of 4888	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	92
PID 2676 wrote to memory of 4888	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	92
PID 2676 wrote to memory of 4492	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	96
PID 2676 wrote to memory of 4492	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	96
PID 2676 wrote to memory of 4492	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	96
PID 2676 wrote to memory of 2320	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	98
PID 2676 wrote to memory of 2320	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	98
PID 2676 wrote to memory of 2320	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	98
PID 2676 wrote to memory of 2400	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	100
PID 2676 wrote to memory of 2400	2676	9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe	100
PID 2400 wrote to memory of 2936	2400	firefox.exe	101
PID 2400 wrote to memory of 2936	2400	firefox.exe	101
PID 2400 wrote to memory of 2936	2400	firefox.exe	101
PID 2400 wrote to memory of 2936	2400	firefox.exe	101
PID 2400 wrote to memory of 2936	2400	firefox.exe	101
PID 2400 wrote to memory of 2936	2400	firefox.exe	101
PID 2400 wrote to memory of 2936	2400	firefox.exe	101
PID 2400 wrote to memory of 2936	2400	firefox.exe	101
PID 2400 wrote to memory of 2936	2400	firefox.exe	101
PID 2400 wrote to memory of 2936	2400	firefox.exe	101
PID 2400 wrote to memory of 2936	2400	firefox.exe	101
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102
PID 2936 wrote to memory of 3752	2936	firefox.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe
"C:\Users\Admin\AppData\Local\Temp\9719a9918575ecc0746e0b76688ec3cd4da27d6fabae0ee67ce94c1747fdbf77.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2132
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4588
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4888
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4492
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2320
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b13b6340-f57f-4d9e-a84b-872e7f075e8a} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" gpu
      4⤵
      PID:3752
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d701fe3-b924-4069-ae40-4bb9c9f52286} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" socket
      4⤵
      PID:64
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 3128 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfd2cb5b-8139-4655-b8d3-8d272128bdfb} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" tab
      4⤵
      PID:4980
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3860 -childID 2 -isForBrowser -prefsHandle 3852 -prefMapHandle 3848 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b293699-b156-4afc-9833-1a98290273d0} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" tab
      4⤵
      PID:1136
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4868 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4860 -prefMapHandle 4856 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4eb7986-a874-4744-9cfe-5c6736e168a3} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" utility
      4⤵
      Checks processor information in registry
      PID:5316
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5316 -childID 3 -isForBrowser -prefsHandle 4792 -prefMapHandle 5432 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdfada16-a065-4b3b-a8ea-49f80d4ab3fc} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" tab
      4⤵
      PID:6052
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 4 -isForBrowser -prefsHandle 5588 -prefMapHandle 5416 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af7035af-975e-43ae-90ee-696ea047ca2b} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" tab
      4⤵
      PID:6084
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5824 -prefMapHandle 5820 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac359a11-99ba-4756-984d-cc53cf96a881} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" tab
      4⤵
      PID:6100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
56a58e0ce884b25e5b8e36ee220e33d2

SHA1
d55cfff23c0a7ddb911d5dbdd06e95a2550da4b4

SHA256
065369969b0dd7dfb017a89c91c49ebdaa900d303c66e3b99cdce1b500f290e8

SHA512
5fcf5fc84acaa1712360b9318b8b064befd53eed6044f52a073fcfcfc56bae019aace59f516e1489b892b20f5e230bd2aeb628e5b7fb16765bb25c853f2e5112

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
e03a8f0664dfdc80cc4190bae406a097

SHA1
a8b9e9f28c3354d12f882e6fb30e87f02e1f0214

SHA256
9f798ed242d9a2d116f3fc985ddb79113e37e31f86e748511485daa6ba84e881

SHA512
177a65dbe10da4028e0ef5b7e79368395b78af0cbb699953241b41bd58cffb843deab892e8171c8f3da0a757f0fecc97ad8da3d37c18995c07456081f4a84dbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
6KB

MD5
98cb08edfe14d47d080711f280f08bd7

SHA1
2d5e891d3da5d9ce14f292cb552d4b6b53bb4f50

SHA256
6e7d21bd2d7ea9d068881272faf5e8589bc44f5f8ee302c5930ba16a3a150d09

SHA512
fc44199daa7cf60b4af2a13de9b6ff88f634eccdd1f2f3e3a20aa3f0b5b2e5ffdbc6dabd8402aeedcb16b14dcaf7ba30e6f948599c71f1e99aa3665ccd37220e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
8KB

MD5
192c02e8121ec7200bb200283bb0994b

SHA1
b691cbfe2d4f0cd99600b72aa51c28af45e85d78

SHA256
e8a74f6d00148aec3ecc3c0283216eb989ae1deb71e867ee50e669ee2f3d3277

SHA512
31370d31bf47c5963fec2bfed3926c990ab80cb8553107949fd1f34e9658c4fcab16d0b3c016968445edd98793e827c91eb5989aad16390317b522d435ee4890

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
18KB

MD5
61f917ef0cc2a33749b2cc98e3b7b8f9

SHA1
9a78c530b6e95bb0477d28da2fa99e8c20723f6e

SHA256
7469f2561aae6687519f57dceef2def69a92eb5e2a29c5fbd63f0a01d8f849a5

SHA512
e12862b935e854a0169d5b9d92ead1eeaa5f1fdc5fa206fb234921c1b144e60b674c7beb476c9c936b142e679c37cea8b4da8f41038a5b9cea12e787edb7a569

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a2a1967a2a992f215efd5973c681a7ac

SHA1
3e4e8c0a2a58a16d5c61d3716d3b9bfb05bbd665

SHA256
42b665c9e9c7af9f96650af6077e45a83691a623820842f6d65ae62da31d50b8

SHA512
6ae9983c52376d07e4450024bed65fbe0f0ecf7c2cd3f7603785d161b8ae1dda5956a6c9c2eb8e3b434293f94cee2f52474c075094c32ad2dbb087f8bedd4309

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a6ebe8d20c251f4ad98156fe3f4f9b99

SHA1
17be8ccdac6bbe7a6c6c37334df263925bda23a3

SHA256
fe850f07d8180bef2717945d24b7ed7a205261400d9b59bfe2eb40b60c05d0c4

SHA512
ae9328fc82f83b350b8b8c5db6ff61546bc05b3e4ace224734ef5d58b5dc7b21fa951f97d3c133db52dbc6857c71cb8b27837a9fb5296eb818a7721ef7720ddb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
03e66bc58494ea31a7cb76fbfb6a8e58

SHA1
23e8be6ebd7ee144c80135ca78026f671794aff1

SHA256
59e001dde9cac8aa607d15b11cc44c4932ef411d8edb5a420782d2b5f646e2ff

SHA512
3831499b0b5e8fbf0769747f61c4d9e69855dc977bad3a080413d2fbc3e067d5c374b21935ec2afe5bd854d320255b1699e5de7e5f748e99d40953aa7e7552a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
65041cdba07a15a4cfda56cf3832ce75

SHA1
7d4d30ebff46456f59daf2d8624a55afd6cc5eee

SHA256
e6378adb1fcd2a11695118e9d0d51eb67b09ea7b02e3bbaf492e5c29958e0fed

SHA512
e330be80f4aa97735b9c4e27f058894e95fe31637dc05ec7466d0f9bfe413239cf31a4a41c21e548ab4a7291b1e12acde8ef8dae98d5d3b347864cd726677436

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
37474fbd3a473ae3c69316cf82818026

SHA1
39049b19406cc73dafc437a305a15a197f194013

SHA256
2db9519ae8d9a2cd0602ab7d8a01e2eb344d681ef6d5ea70e7ea0fe2330248c2

SHA512
094b10eca77089efe0f4c7a3b4d12c3345b15af8c9d999202f2c127fcc61ad81cb6c03e9ba56f8332c9f8293801de2f9fca17dda2902b3be904b168af6c2c241

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\ba372cc5-1954-4d67-8166-40355c78fce9

Filesize
26KB

MD5
b69e6677f9f722597bfb3655ed74d906

SHA1
89303edad1056c1dabc99ab53bf0285ecec4f7e7

SHA256
d63fa70b381b4421695f18acca452f8a4e03a5d89848e92e2eb259b6c7ca9227

SHA512
6ce6ef56bed43e41b1185f379127d986cf4b349e0fa04577bde264cbd4b91f541e8d37bff40c330d89f45aa1bd360416d7016aa12a6bd220266065843bc668e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\bdfd3efd-399e-45f9-967d-0b482fb64282

Filesize
982B

MD5
5ca97c1134ab41079323017615e0d0f0

SHA1
5b5986ceaf952ee09ed7712ea7204c6f58a61abe

SHA256
3bdcee2b838720ba7626dcd726c68b7ad10cf216302d425d8b9101b5deeeaf96

SHA512
6d93cd17b61f548a25b34e0b8056e60f7d4edf589b289bd67e5bfd07750ed7cd7bb6182fb7d0513f7c7884dd6513db4d2a366515e3eccc24939dfb77a2c4bbbd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\ed8bf16f-bbf5-4cab-b621-7fbcc4769068

Filesize
671B

MD5
6e5004cd28ce0a93403ff62a8b27c875

SHA1
f9987e528ad370bb510f0af585e389c007077e7f

SHA256
44d7e9d7d17491803f312b09a9c101111e30b91507d7383024d60e0489daf3e5

SHA512
697e4cba491e4b17c0a122b52fa545cd64f5a804f13e6fc4bdc1c85ab272792684e9694b319920f94ebb92cddd8d43c80174869d9bfa78170bb695f963d90dbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
12KB

MD5
446f7c489f4dac5f49bdcef253737f88

SHA1
57df61dffcecf32003eb5d75f8192891dfdc4f61

SHA256
3814d9da27cccdf1ab4fc171aed0b0360a80da4dcbde44084112173fb8128335

SHA512
ccd86265f131b56b94dd17f0727eabe1df8d0938bfa091cfbb64724d189c9b45e6c2a1e1ad693f969e2b9c55b270bfd4d262737e7b331fb99a2610dd29cf4de7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
11KB

MD5
3f2e7526b7c2e62072f25d284faa4eb6

SHA1
f1c96829b6990a00ec052afa6b63e70ef6672692

SHA256
232b31f2c290e683e589608572719b689917fcf3d5ed980a77e2e83a2ac1d3c4

SHA512
95ed0daf2deb85896aab6ba6cf7782e5f4dd6d5166295883112dee8186513932b99badaae124355c0f178c8c90987105cf0a293dbe52d559b46d07c3810f1d58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
16KB

MD5
e34bee160650f525060bbb3233aa90b1

SHA1
44b3287227754d0fca634d7e8fea4e077dbd0b66

SHA256
8a295a8f20fa0efe5b877dcf863fd4d4587c4d447cc8c1653f96f5236a958f35

SHA512
5e732e4792844953576fc0ff2527b74cd6e4944b026f3e1bad06a48f5fef322e75b34215b233427ab51a073dc5b345e811f1e25efc95926c1b78c004cdf5e377

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs.js

Filesize
10KB

MD5
a09d7d93a66be78eb30ef61948567fd0

SHA1
e4d00d2a78e9bd57dfc4d099629dba81c524ee8a

SHA256
f89e8493d29030c4623126f4e875bab23808c6077df12f606ce9291268aa0a0c

SHA512
389a37e48da7ee59e7a5e301d641ba8ce869afcb4815753afa4dbc3a6bab46454194c7daff7a31710d39a33f5531684a9a7a6ee44ab279a303f87f5f6210a789

Download Submit