Analysis Overview
SHA256
5436bad558c5bf3cb413020100e8426c0e07a45ecf34d679a753e168fd46d9fc
Threat Level: Known bad
The file test.exe was found to be: Known bad.
Malicious Activity Summary
Eaglerat family
EagleRat
Drops startup file
Unsigned PE
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-20 22:32
Signatures
Eaglerat family
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-20 22:32
Reported
2024-11-20 22:35
Platform
win10ltsc2021-20241023-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
EagleRat
Eaglerat family
Drops startup file
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.exe.lnk | C:\Users\Admin\AppData\Local\Temp\test.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16b360e9-ca32-4256-bfe3-a50da86f8c21} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8b4373d-fcd8-46a9-84f3-547ab05eb3a6} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3272 -childID 1 -isForBrowser -prefsHandle 3292 -prefMapHandle 3288 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51b54540-f136-47f8-b152-20a3c7287dd7} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4312 -childID 2 -isForBrowser -prefsHandle 4308 -prefMapHandle 4304 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5a7d69a-aa70-40da-bae5-d6c00b678e66} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5040 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4884 -prefMapHandle 4860 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7443e5ef-4b1c-4fbf-9640-39445d1b43c4} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 3 -isForBrowser -prefsHandle 5244 -prefMapHandle 5276 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fac98fe0-b4c7-42e1-a0a1-b1020a26b89e} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 4 -isForBrowser -prefsHandle 5420 -prefMapHandle 5320 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6536294-67ff-4018-9384-6c2e3e68b967} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5644 -childID 5 -isForBrowser -prefsHandle 5652 -prefMapHandle 5656 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eb8c5a6-0cb3-4775-866f-535ecff3ee42} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" tab
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.140.244.186:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| N/A | 127.0.0.1:49758 | N/A | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 63.125.164.35.in-addr.arpa | udp |
| N/A | 127.0.0.1:49768 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-5hnednss.gvt1.com | udp |
| NL | 172.217.132.199:443 | r2---sn-5hnednss.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-5hnednss.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-5hnednss.gvt1.com | udp |
| NL | 172.217.132.199:443 | r2.sn-5hnednss.gvt1.com | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.132.217.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:7788 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
| N/A | 127.0.0.1:6969 | N/A | tcp |
| N/A | 127.0.0.1:9875 | N/A | tcp |
Files
memory/1896-0-0x00007FFF605C3000-0x00007FFF605C5000-memory.dmp
memory/1896-1-0x00000000003D0000-0x00000000003E4000-memory.dmp
memory/1896-3-0x0000000000E10000-0x0000000000E2A000-memory.dmp
memory/1896-2-0x0000000000DF0000-0x0000000000E02000-memory.dmp
memory/1896-6-0x000000001BFF0000-0x000000001C066000-memory.dmp
memory/1896-7-0x00007FFF605C0000-0x00007FFF61082000-memory.dmp
memory/1896-8-0x000000001BF90000-0x000000001BFAE000-memory.dmp
memory/1896-12-0x00007FFF605C3000-0x00007FFF605C5000-memory.dmp
memory/1896-13-0x00007FFF605C0000-0x00007FFF61082000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\activity-stream.discovery_stream.json
| MD5 | cb07964f0e20dca054521ecf216aaaf6 |
| SHA1 | d7de3ed6fd3b60dbed1de2f1faf4eb21204a9113 |
| SHA256 | 3b4d0feeb5dcec9a6525c7c9cf4a5dd02a0aaa78706bbf8b558744bbfac05922 |
| SHA512 | a0499ff5b0cdae25336108740233b585348b6e4dbd8c0641c52ba9ef81487aa617cd160dd6e22485d01de3601a5531b5fc68905714f2e057cb2b73a48c4fa47b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.exe.lnk
| MD5 | e465c4f14ea58bae631ef355b73c99cc |
| SHA1 | d7fe0b839b92ccd094ea8658eb50ad85830f822a |
| SHA256 | 6de8005e4cdbe7bd9bed9a442966f5f6af0141b3060f2a9f12057b969b69d978 |
| SHA512 | 1eee0062bbb089be910dcea63dacc493cb6feba308d5c8ebaae54898cd6559cdd1b9480f7ed8dab5a0d6495145240ce58dfe3790693029dab573066a16f799aa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\4fd21ed3-6227-4b87-a3d7-70cc85f00b42
| MD5 | 23a01beaea0d8daa47cdfea31b894681 |
| SHA1 | 6801a41f353e6ce6524c7a23a60f627c64ee3e47 |
| SHA256 | 71091bfb5cfbae275b4de4ab3021f36f93ba7233ea5edca20d4b7c345777556e |
| SHA512 | 6999b7dde44b5f9c38ff82db0b26584ffff7082b4053fd0956eb5baf1db6b9fcdae45ba2c59e1e5e50fba9577ceb2593b8df5a13f3c1f1060e58647d83dcb796 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\80d1f8df-71c3-417f-b5c4-510a4252c7af
| MD5 | 5e9f2bec55f96f0b1b1c8d8b8b5cae3b |
| SHA1 | ea58c724790acdeb71d97aa03a585e5caff90b4d |
| SHA256 | 1afbb64877a8eb9e87717fa84ebcceadea3a60574ea5af049e7774df3b721103 |
| SHA512 | 1e6ade68a41c7ceac2432fe11e11e32b31ee10cfe71cc784158dfb657e6f306b286f0edcf354139551f36f6181dcad91d79db0707c83d70c64212829a2c54182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\932eef76-eb92-44b0-b837-216bb58556a2
| MD5 | acb51b6e7821545b8ee3a8d11207509d |
| SHA1 | f21d405a5af6af2d52488fea88a54da75165c91f |
| SHA256 | 8d793f888cc07b72f89182a0ccc0e0e754ce6aeee363014b3b4a48cc123321ba |
| SHA512 | 0fda5901ad93c54d892a30b0ff73b8bba6cd24f26492223b82d51d789938ff63ca2ea4fd5f61aa13059018f60456d480dc247070c74cb9ea0a202d6da62e9f3d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | a0f583fb36ef5062c8ea1e90150118c4 |
| SHA1 | add14fb3e0c03dd14b72b915e6c285a48f474ec8 |
| SHA256 | 9e3452afdc673597cfad8aaf994e30e27309097f0ab91c0fc4cdae56d814d883 |
| SHA512 | 22e66ba40de44c3351638c612802992b0b2e40629fe0720530c58803a8d3f71de1bc245b9c12d5a9ab4564801f348e45cc1c8c159d26fdaf3a3d499e42b4f7fb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 24ef09a03b5f8a9fce6cde8d5f15e82f |
| SHA1 | bf681a5e87fab58a59bd5a428558ae6e30f42aec |
| SHA256 | ec2ba30a9a2f6e13cf4e38c1bd96d914c2fbd7bacaec30e666c63a789b2f55f6 |
| SHA512 | c043bd83dbda82e79f62c1aa17d2833b81faa960143cd715c72f17f6dc0180963d85e97ed3acc54f17d16085739e0341723658ba28e4644ae2b8818e6e745264 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs.js
| MD5 | 60536dbd7d6d6415076afb430657afe5 |
| SHA1 | 7813e7a43ea767f001b2f19f9f63b539b3b71926 |
| SHA256 | b967c23ef944e8c2bd9b65e55333f88210eb4ae354e41b4c82774ba05165d26b |
| SHA512 | 68d2a5160cf29139cda66d2c78b64a7689a9456e55b618e92f3fe9b1600f74482f0d4ca5a9fbdb5f7aeb3079e8764642fe47a2d2828f4ca688474da73225423a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js
| MD5 | a430c31e1981f9c82611f3ea44c85014 |
| SHA1 | c45710030663d79865869c3f7a9776dcc69e6ae9 |
| SHA256 | aad961431092892d8ae125e774961d4b60f17b19c58e526e24995b4b0922fb76 |
| SHA512 | ddab1afd38a596f952c7740d3737dbb15001b6ce6f4274b170b238e6cce4a061da3ba206c29d0af347f400a0d1a80fa942c8ed99daac39ab16b423fa41aa9560 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 340c62cc0e37b83657999f934944240a |
| SHA1 | b228dc620313711b96418034b609f37755e5493c |
| SHA256 | 8cac553f30591e7f3a50db50f45d0a4869b1a2a5e1a47d611ef1ec6377ef0c2e |
| SHA512 | 44b83497c1587cd916cec9acb299de31088ff9b2f2c10e3f2744a1881c12c888a4f1062a6a72eb2ea04cc8daf2e66990d9e9670c0312c875040e0cc4764b3a18 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\AlternateServices.bin
| MD5 | f25b4ac37305f41cb65f75738272fdbe |
| SHA1 | 3cdc9c41184e04be88f53444947e0a41de3263a2 |
| SHA256 | 2e18d0eb497348a92a163877e89fd614865af06fa217a4deed2adf96ca8d6bc9 |
| SHA512 | 2457c812b47be16c0e16cd2b03d3cd59d4d39bde514877016cea3de99d62b003146e142db1c7c72c46fd30ee3c14ad1bd6317857572241a8b320f6b2c900757f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js
| MD5 | 29b7270d2f11638c7a59a412ad34fd49 |
| SHA1 | 174781ff4e9aac13409b07570b944552ac7913b0 |
| SHA256 | ef53c58cd8cf1015fc193e7cba882e37d344e3c90be374ad780da7f8ce09aac4 |
| SHA512 | 0b132b1a1d27d87ba38595dec1222fc0af6c7f8f3c1d0ad941e92da16cd4d5c142c1d8ae7fee6dfc71609abe3ddadf80eb02f734affbef7623c770bfa4339200 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878
| MD5 | 7fa1e2a9e430b3d72d48c20bfdb7e22f |
| SHA1 | cfd2768d956e3132158d568d0f2a37aba9f22c28 |
| SHA256 | baa750fb4033e2a7948ae91a2e61b411cfb8fc992f97a0b9a4519739d51d155f |
| SHA512 | 51810c3cac036848561280871d54b6005e3fc364b0bb214d238330e7149810ab7c48cc54d16a5de6d82336e5fa06592d280c0314a1659ad465c13fd96835c583 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 65133b7ccdf50af075800be539737b9b |
| SHA1 | b7d844ff69a14c590ffa008cf8b017f8fcac83e5 |
| SHA256 | 5bf1c7c8bcd717837e50f6f62e4116251ed4b46f27423151d29b57e759241e6f |
| SHA512 | 09364c7813b292aea4083ab1eb067758b0163746095bd0f1bce0e430dc40eb7b01e5291d9e60bb1eb9b3fff5c6cf2355d21ee2921f6a78a96e2264427e31f3c6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js
| MD5 | c512626cfc5ebe93cbc95eb35d9949e2 |
| SHA1 | 969c463d1681931ff7d0846a0e78bbbdb1b6bab1 |
| SHA256 | b67acca99094f55e97ce77389464664cf351ccaf3f338b6c476473d4a35541ab |
| SHA512 | c8c9e03bdbd75117b44a7685aee384b5f824ce565d886f54df7c4393856a8706edf6f782e0f16fdee8dd8f36eb5087e1cfe48d5276e553af9be7023beedb6846 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | e0a7d6c4e606e58777fa0665fa23a4fe |
| SHA1 | cccbf202ad2fe5e5601a380efd90e50eb4444104 |
| SHA256 | 41ad4cd3d3e1e6b15b8441fddb1bf56aef0e8157f79b7dfbf1330031d98367fa |
| SHA512 | dbf9ffc427c0f3c908bab4469d546d2523eff1ccc679c45001baffd8395b6ba8564df74f06d4821272d6af1cde4ea7d945ec55426f1a81df820e23120b35a4c3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 638c988bdafe33bbbc07237226183499 |
| SHA1 | 35444094a0b9e059b7b4407f4a9e74e9ca888984 |
| SHA256 | b350a779ce0a1f7198756e22df80f019c941e6e93b15f1579511003abbc268b2 |
| SHA512 | e9ab00fbe7185cc9bb8f1d88e0a59f3bf3afa94e7ff4975d9da2df803497d3fd2cf2ade69194ce3c26f7f24a1129f647af77252c56cf9315f3193178d6dd5949 |