83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
Size

900KB
MD5

4b11625a1a51dea74c7dec7f2936dc38
SHA1

fc8a89d3ed48bee0ca63e81f6452c90598919a84
SHA256

83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317
SHA512

c0699960a923eff1fd4a3e0700b5d8b19754eb0b56d7538ab670eef5765d7e202c4c94f47eb0e11b518dfa1642600723ef08adb30c0befaff36bef65d4830d16
SSDEEP

24576:jqDEvCTbMWu7rQYlBQcBiT6rprG8aMYV:jTvC/MTQYxsWR7aMY

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2732	taskkill.exe
2004	taskkill.exe
4952	taskkill.exe
3444	taskkill.exe
4688	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2732	taskkill.exe
Token: SeDebugPrivilege	2004	taskkill.exe
Token: SeDebugPrivilege	4952	taskkill.exe
Token: SeDebugPrivilege	3444	taskkill.exe
Token: SeDebugPrivilege	4688	taskkill.exe
Token: SeDebugPrivilege	672	firefox.exe
Token: SeDebugPrivilege	672	firefox.exe
Token: SeDebugPrivilege	672	firefox.exe
Token: SeDebugPrivilege	672	firefox.exe
Token: SeDebugPrivilege	672	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
672	firefox.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
672	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 2732	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	85
PID 228 wrote to memory of 2732	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	85
PID 228 wrote to memory of 2732	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	85
PID 228 wrote to memory of 2004	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	90
PID 228 wrote to memory of 2004	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	90
PID 228 wrote to memory of 2004	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	90
PID 228 wrote to memory of 4952	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	92
PID 228 wrote to memory of 4952	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	92
PID 228 wrote to memory of 4952	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	92
PID 228 wrote to memory of 3444	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	94
PID 228 wrote to memory of 3444	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	94
PID 228 wrote to memory of 3444	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	94
PID 228 wrote to memory of 4688	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	96
PID 228 wrote to memory of 4688	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	96
PID 228 wrote to memory of 4688	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	96
PID 228 wrote to memory of 3728	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	98
PID 228 wrote to memory of 3728	228	83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe	98
PID 3728 wrote to memory of 672	3728	firefox.exe	99
PID 3728 wrote to memory of 672	3728	firefox.exe	99
PID 3728 wrote to memory of 672	3728	firefox.exe	99
PID 3728 wrote to memory of 672	3728	firefox.exe	99
PID 3728 wrote to memory of 672	3728	firefox.exe	99
PID 3728 wrote to memory of 672	3728	firefox.exe	99
PID 3728 wrote to memory of 672	3728	firefox.exe	99
PID 3728 wrote to memory of 672	3728	firefox.exe	99
PID 3728 wrote to memory of 672	3728	firefox.exe	99
PID 3728 wrote to memory of 672	3728	firefox.exe	99
PID 3728 wrote to memory of 672	3728	firefox.exe	99
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100
PID 672 wrote to memory of 852	672	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe
"C:\Users\Admin\AppData\Local\Temp\83d6a2b7ea5cd7251ebb679caf3f34cc98c1d6950ed83d6111eaf9610523c317.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:228
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2732
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2004
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4952
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3444
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4688
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:672
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b642b16-9c93-4108-8649-34dbc1e70d16} 672 "\\.\pipe\gecko-crash-server-pipe.672" gpu
      4⤵
      PID:852
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2444 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5d70464-fc7c-4edc-86ed-7a2819a2061e} 672 "\\.\pipe\gecko-crash-server-pipe.672" socket
      4⤵
      PID:4364
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3064 -childID 1 -isForBrowser -prefsHandle 2800 -prefMapHandle 3096 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4316bc45-7be6-4b91-bdb9-ee39675a72fa} 672 "\\.\pipe\gecko-crash-server-pipe.672" tab
      4⤵
      PID:1784
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 2896 -prefMapHandle 3680 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8acc2bc-1450-4aeb-a7c7-5104203c42dc} 672 "\\.\pipe\gecko-crash-server-pipe.672" tab
      4⤵
      PID:4124
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4544 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4528 -prefMapHandle 4520 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f420169b-0270-4c15-8f86-a5caa4e02797} 672 "\\.\pipe\gecko-crash-server-pipe.672" utility
      4⤵
      Checks processor information in registry
      PID:3100
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 3 -isForBrowser -prefsHandle 5300 -prefMapHandle 5268 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {327cb053-4146-4ee5-aea9-adc3542933ae} 672 "\\.\pipe\gecko-crash-server-pipe.672" tab
      4⤵
      PID:3672
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5500 -childID 4 -isForBrowser -prefsHandle 5456 -prefMapHandle 5332 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6993d0bd-010d-45b3-8ca7-2de2ddf2dc1b} 672 "\\.\pipe\gecko-crash-server-pipe.672" tab
      4⤵
      PID:4380
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -childID 5 -isForBrowser -prefsHandle 5664 -prefMapHandle 5668 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c59b6db1-a833-4ede-84fc-6c20fa2d909a} 672 "\\.\pipe\gecko-crash-server-pipe.672" tab
      4⤵
      PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
a04f9dbd1dad8142d0580cc47b2ef5fb

SHA1
2d22850c1801b171f96d3811a2813b0ff7dbcaf1

SHA256
3f85f910f36a19c48a0e57a6cf67cc9a330d45d0e03362108428a355a2549bd5

SHA512
4d43d01885671fe4ae549511a4d4fb4bae967e673e9e06b3acca105d926852324b8d0cd86252bec0a7c658bbb18f20604576441b31b822978e675336dbfa0126

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
0f7b0d9d81ec934528fcb113decbdb7e

SHA1
19e39981966e383f13d3f5ef21c107579f1a5b2d

SHA256
a475b74a9b2daa2444cc7d298155fca4c52552fa43dadc85925048e6b55a5c60

SHA512
9472d9aac451a0375f1c1fde35b06a3c83e02a7866d1ea05a518615882ed61b9111150413e4bc48c86e478d49af3b0d65dca0e63524e83451f6159e3c02def72

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
6KB

MD5
98c2312eb50cc7bc70128c09304176aa

SHA1
1bd62646f44ecbf53fcdfe054a21c017ccdebd92

SHA256
ff03e1c9e6a21a67cae3916e0cfd0ac7e472e614282affcc9f12a8f0315bd127

SHA512
34aa06363b1adf79c334c923104e1db0a6b651d0030f7a9449aa4bdec7025e50e66b291bc2867399c1e21be71f9b038b67c0abbf2373dd476e00f992db68e014

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
8KB

MD5
5221d47db57daf61a3e8670ef762e8a8

SHA1
3bc276e374e26b726a5a7311c7d14e5f55e4c3da

SHA256
dbd9b8c813c93b1a6f82bbb0d880b9b710f3158aca18e6bcf4e35abc378e15f1

SHA512
da4e62614931c2d0e4266939a7ef6714cd369322877a4cc02cdc20eadbc3c0a1a8a5f1e4835cc1d6c598ae33b296f9d96fcd949b9f538f927ee6f7a9f9348de2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5836ee6b84783288152012c5aaa18792

SHA1
458c674750c6fcd0475d30084a50d630e216a39a

SHA256
e123f90da12844495811936c9613dbf35d57e0d836c4f93a999e63b5aadc126d

SHA512
2f1615e00f02bd5f7f9b7f9f306d0b020a7bdb24443a8f4f11433ddb1cc9008fd63dfed9d28925280f1366f597e3133f63c4060f8686e7f022e6fba98c8223c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
201961e99940ab1cc3a86a9ea3346ef0

SHA1
745e0beed4a0b8d64a37eaa0c25517d966efc81b

SHA256
43f01288b63dcacf18d2c0d570607ea3956f73259bef5bdce2e66e45a3b21f24

SHA512
93c245f245db5dee4ef8b51245f7b3855324c0142f611f76bfd29c23d1823059b3acafe95ace0333f3b10411460dad09e304f893e60b124ae48e7b4f11cfb001

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\1d99994b-e71f-4f09-b0a0-69798f04e521

Filesize
25KB

MD5
535d2e020d70bc9e3b662a2a1e6473ce

SHA1
811a689f0475d56282957382ca8eeee60271dd67

SHA256
3847513ba4318d86bb5f4e3d805589e9ff7b3e1e7e97dc109071130a62965c2b

SHA512
255a5299029a8207a5b551e6170ee30472ef7356e67743bf13a1592da6d562c69f41e8fcee89f25ac45da5fd3c8e4b0229fd76549f4f7ab1ceb13c9e141e3372

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\21aada7d-05d4-4849-8102-50959f1fd2ef

Filesize
671B

MD5
cb281d643977fe546e136400f09ae3ce

SHA1
94982634a2cd0ad0f1150787d67f1796a430dee6

SHA256
b2264f8c2a818b451fcc8b7fac3ee1ad825bbbdaffa7463960c8bf177510bb80

SHA512
b97ce7a95de540eb7ca4da6b209a2848f52214fac19638e1c0f8dde57fe35de73bd3262a3cab285f3a661781042e4281bcfdb4df922310455a586c50640fb79c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\87c08558-40ba-4bb5-a49a-40df926adc37

Filesize
982B

MD5
431602ef5be37dc5acfab9d53aa1e0d7

SHA1
6a0e909e7b8ebd12177926099ffc6d534be712a7

SHA256
14e749e98cd6e808845bb89c690d35a8b00445d1009c5a5ebbd5c2db600ac1b0

SHA512
4f89a9a93edc0ef2e7e4794743b96c4ed2b169a13fc7bed5d66f1f0b63379055b8080b475ecaf14542bd3db7def386dcb2c2e1aed6c3fc9cdab2edc2ec448339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
12KB

MD5
20a07a0d35d5906ea32c61dfbdb258ea

SHA1
a229c0090c3370d2f49c866a7a3f8a3d702f964a

SHA256
029a3c05d390d546bfa03575220dbf7ead06511ab46dd38a18149d635edaaea3

SHA512
188ec4805106d5765a0290823670c3cb7e1cd4d935b063a2d541c7d16a0066719cce33677f41d5b3e52d9eaec9854aed08c6ebafb1190fee6213c80ee26a3002

Download Submit