0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc

Analysis

max time kernel
128s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
Size

902KB
MD5

bd734ea867c9c39a4f1381bb36925be6
SHA1

fb145e01c0b1091fdfccc2d060bc1183e9f1ebfc
SHA256

0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc
SHA512

a4ed3e18da5b1fbe499fc8be27c821285c11b17bf8952b2448c5fd9dd7f61077733e4ae2dfed1fd97957b76ec89f8d738959f1d717b2107904395b796b460110
SSDEEP

24576:oqDEvCTbMWu7rQYlBQcBiT6rprG8apMj+:oTvC/MTQYxsWR7apMy

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
1500	taskkill.exe
2376	taskkill.exe
3044	taskkill.exe
3424	taskkill.exe
1912	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	1912	taskkill.exe
Token: SeDebugPrivilege	1500	taskkill.exe
Token: SeDebugPrivilege	2376	taskkill.exe
Token: SeDebugPrivilege	3044	taskkill.exe
Token: SeDebugPrivilege	3424	taskkill.exe
Token: SeDebugPrivilege	1504	firefox.exe
Token: SeDebugPrivilege	1504	firefox.exe
Token: SeDebugPrivilege	1504	firefox.exe
Token: SeDebugPrivilege	1504	firefox.exe
Token: SeDebugPrivilege	1504	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1504	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 1912	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	83
PID 4612 wrote to memory of 1912	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	83
PID 4612 wrote to memory of 1912	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	83
PID 4612 wrote to memory of 1500	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	91
PID 4612 wrote to memory of 1500	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	91
PID 4612 wrote to memory of 1500	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	91
PID 4612 wrote to memory of 2376	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	93
PID 4612 wrote to memory of 2376	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	93
PID 4612 wrote to memory of 2376	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	93
PID 4612 wrote to memory of 3044	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	95
PID 4612 wrote to memory of 3044	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	95
PID 4612 wrote to memory of 3044	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	95
PID 4612 wrote to memory of 3424	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	97
PID 4612 wrote to memory of 3424	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	97
PID 4612 wrote to memory of 3424	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	97
PID 4612 wrote to memory of 4720	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	99
PID 4612 wrote to memory of 4720	4612	0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe	99
PID 4720 wrote to memory of 1504	4720	firefox.exe	100
PID 4720 wrote to memory of 1504	4720	firefox.exe	100
PID 4720 wrote to memory of 1504	4720	firefox.exe	100
PID 4720 wrote to memory of 1504	4720	firefox.exe	100
PID 4720 wrote to memory of 1504	4720	firefox.exe	100
PID 4720 wrote to memory of 1504	4720	firefox.exe	100
PID 4720 wrote to memory of 1504	4720	firefox.exe	100
PID 4720 wrote to memory of 1504	4720	firefox.exe	100
PID 4720 wrote to memory of 1504	4720	firefox.exe	100
PID 4720 wrote to memory of 1504	4720	firefox.exe	100
PID 4720 wrote to memory of 1504	4720	firefox.exe	100
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103
PID 1504 wrote to memory of 4540	1504	firefox.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe
"C:\Users\Admin\AppData\Local\Temp\0cedba062dd6440e2948e2af5e4d4d88b70d0e78d51d685dcfe0588b654227dc.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1912
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1500
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2376
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3044
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3424
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1504
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2044 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d9341c3-c554-4b42-861a-6864cace2bbc} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" gpu
      4⤵
      PID:4540
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2428 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {668d66ba-b458-456f-8691-072c5b2d7388} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" socket
      4⤵
      PID:2408
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 1 -isForBrowser -prefsHandle 1464 -prefMapHandle 2812 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ead8658d-b52e-4055-b655-ee4bde1f3ae9} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" tab
      4⤵
      PID:3512
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4128 -childID 2 -isForBrowser -prefsHandle 4116 -prefMapHandle 4088 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {acfa1fe9-2dd8-4088-99aa-1f1c3edbe0ad} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" tab
      4⤵
      PID:1164
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4884 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4828 -prefMapHandle 4892 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be3dd9e5-965c-4fd3-94ed-3242d1dee61b} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" utility
      4⤵
      Checks processor information in registry
      PID:5256
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5092 -childID 3 -isForBrowser -prefsHandle 5136 -prefMapHandle 5132 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04439f7e-8525-4c25-9eed-20250c94c198} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" tab
      4⤵
      PID:5428
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 4 -isForBrowser -prefsHandle 5376 -prefMapHandle 5372 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8d5b136-b0c0-4bb1-a831-b98529e8cf2f} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" tab
      4⤵
      PID:5476
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5280 -childID 5 -isForBrowser -prefsHandle 5496 -prefMapHandle 5500 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c1221bd-6df5-43fd-bbf3-c41d038c9ac2} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" tab
      4⤵
      PID:5516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
bef98474cf4f03950345eb86741e182b

SHA1
240bbb0c82835ef5936f58ae448d2434f583fec2

SHA256
e29cf6517cb52bf3683d92da38efa4b68c840580f323c90dcbab9b186df7e546

SHA512
ed9b1f25a9e23ad5a9e61dafdfd79866315946fc3c2d3363665d3a7b25dc86ffdf59c85b84b06b22f4c797387f61201e20e560985c9fe09fb8bcd090ed9218aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
ef257b36a8bb71e2c47faa1ca98e2e64

SHA1
bf36395b872019c7245220ae5dd2eb7ebe87e62b

SHA256
515f0d0de33a37afa7c7638176eb3f23892ff24412f52ac1cea0ac7d9d0244ec

SHA512
9e801eff65a9dad318ebe6c555ed56cc047e379bbac313922776a41bc0ba5be103c65983cc1d9b132b9e5f1cb51aee1a98f89a364ed3192efd48a93ed641462f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
12KB

MD5
576bfd107098939c93f5e6a3a1230c95

SHA1
4db80f8336491e17db7a8f12c788cf15815af477

SHA256
293d00441379772cd6476ff8dea28726c5e97202855a492cc8c9a44c715b3cc8

SHA512
a0a58309b6a6fb6b4a808268876853d7f39006cf343ef45031a3290220aa56e399126f8b0433dd0ea8876fb4ced03346418bb547813f645924378c2c86e4b55f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f5f58b31a74d0e4ead62c4c807021bcd

SHA1
9134187795913e069fa3443889d6ba081663106f

SHA256
2eb738f29acfa946fbaa0415365e3e4ebcdbd7c4e99bf9f6957efc0d7301b990

SHA512
1723c90ab9dc97274b6852a211153a377ad56dcfd1e0be861efc6614f92b7557c8c1a28056a2298e48e2b0f6d2b11adf59c069541c011ccd61d860ab5435c3f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
1d6f47ea759660dc186874860d258a2f

SHA1
ffcd0d3fcda59be95e4459aeb367bdbcceb4e5de

SHA256
a8341da2f36643ccb1bb50696f44e6e46daf685b72116348d403e50107528c62

SHA512
044e0923e2174e3c032a673f04e3f7152361ff55372063d4b8deb52949507792752e1a6bb4308c7a5114bb833baa47c8cfdf5e857411aa9398d81e90cad34250

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
eef1f6f5ad5cdde7fac99815b3032d7c

SHA1
068e90438ab41a81bb4ed2a441815190ae98dc92

SHA256
4779d2bb629eed8065a47662f0dfc0888a148ca4a6580479d7e09849b8fdeabe

SHA512
322559f52d7ff7626caff20d412f35298a1cb41eb367780c9cf68e5a07e6d19f4057ce245a43b562b9959e2b31e87624c9a00bfdc91d8e96f26c80a2c93b9554

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0e6288ac346a51599db9dfbbf2267b7e

SHA1
49921b33bef2db32e6e484b2173c030d2674a7d4

SHA256
a4064295e733365fda9555eb4d829e9a0b665153bdfb79780581436d227999cf

SHA512
6c751ca33b454dd97a598a507b47f66d6861107be60b02629869a7b51702a976ba1a8b46d712f42aca99583ea28657e2547fa49ce38f2feba012bf0b0438129d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\56f3e1fa-d94c-42eb-874e-40dbd34cc6f7

Filesize
25KB

MD5
165890e73c7677a3dbb37f91252aa3b4

SHA1
8747f44b8d0924e2f75a74cc7fd61987be66f602

SHA256
32b92f3ba1c1727cf1c59b06b2ad7ae52e67ccb22b172bd6a7511c32680b24f9

SHA512
89bd31946ffa9b85fabc501430242184ee6abce7b4fa8b2e08964450a2f68eedad80784d119fbd05f9dacfc44cfbaea5523a1ca733465d77fd220b641d96fbbd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\78c7b75a-6274-49ea-ab92-eecd923119b0

Filesize
671B

MD5
af27d1366716334bdb5f8f450bdc08cd

SHA1
c1024085924b5f6d3ab3f2f75fcaa3a522f75263

SHA256
559dd8aa4ef644ea6643787cac5206563ff49b98970e757007ffdfe070972660

SHA512
88ede40e6e15e50e78a498cc1f823c7ecdcf50f4e67841f1576a192497fe06060c398941a4f692994c93f0ea72f17736c4592ce000b1117157aba36f61286c04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\b7988447-7251-4955-ac33-523f66c0526f

Filesize
982B

MD5
92c2bd37cffa43cf790b05879158938c

SHA1
918bde1a942402d960b53a514980a43a52b2f2ab

SHA256
5e8a27b3de1f3ab3520179f89a9aee96355b8d82d5215b1ce95d7a1f5f5e4803

SHA512
1e1d79af741c99aef550b11138cd2337fb940eb9bb803feacb37d2d680653ef9efd67bfd74d0ccd3764a402141847c8b46a7a7622a9e3d3afa8fa6de25e0fa69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
12KB

MD5
906653a9f7d2c8a5d6cbb8a8f944d158

SHA1
31e188f5340bf963d20160ce0ff7cb60dcc27d02

SHA256
396257a4e6b49719e31c33bdf111c694458ea03e14cf2439f6b67dedcca01f7f

SHA512
f76ec64f781d53fa66618b539675bf7a860da938a98ada172c37a19ca81e6ccb62e2fe42b53555d4c6964de95c0f5c69ed82943025c02426183e15b56effd981

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
15KB

MD5
29a59a7985c81f97d1192ea52156bfb5

SHA1
2b7a0be8f22eb2f99fdc6dae8451e02a6fc62e99

SHA256
7b92955da3f045465a1c5c2c6392b13c367a582081390558d64520b2806a215e

SHA512
c59cc0af1cd7a3c9ee366cad462d23416334d3b46764438f8c5322a9fb9b548cfb15ee07f69981fc228fbba91b6dc75242df8380eb3cb45232b603142acabea0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs.js

Filesize
10KB

MD5
4f318dc55ceb6426f604ec4a8004e5fb

SHA1
f87746d39422ec1cd48df0f3c0315faeb80395ed

SHA256
8a1a067057bf5db62dfbc39ed05473b18e83572da31519727b010e8272395def

SHA512
fe511988717cb1922a95dbb49b96a2c06b6464f63521eb981664a04a907cca390793af3d766cac3302153fe629435ffa61f62240c877c8ebd100e222f5ff939f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs.js

Filesize
10KB

MD5
0b99609b4ed9663249392a04caf5b44b

SHA1
d8064d2b2d17f31d557e109a98bbb862f97cae09

SHA256
6ee8c415a129e99a9dde1d79b6534edcff9c43439abfb5b0cd87cd1807d509a3

SHA512
c5d859f4dafb89d4bb0636f1af15377811d8cbde5ca8b14e4a286a3d7be7bb8b9a41d6e969e54108ca6c1ab75d65537d84bad336f78504baaa3d7910d9e45183

Download Submit