64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e

Analysis

max time kernel
125s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
Size

900KB
MD5

c202b9fb5ed13afd406eb71e5cdc8570
SHA1

24620f327145a676c230e8b7a7096f9736f353c4
SHA256

64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e
SHA512

c6d9e48c16d6b505c06cae84e83bbd9ca185a67dbddacda19de38ff4e0db5d00b8f18e7876050a45255ec4feb1d9558c221204d26cd4d04e837584f0687be4f0
SSDEEP

12288:cqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaZTk:cqDEvCTbMWu7rQYlBQcBiT6rprG8adk

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
4912	taskkill.exe
2384	taskkill.exe
1440	taskkill.exe
4524	taskkill.exe
1384	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	1440	taskkill.exe
Token: SeDebugPrivilege	4524	taskkill.exe
Token: SeDebugPrivilege	1384	taskkill.exe
Token: SeDebugPrivilege	4912	taskkill.exe
Token: SeDebugPrivilege	2384	taskkill.exe
Token: SeDebugPrivilege	1336	firefox.exe
Token: SeDebugPrivilege	1336	firefox.exe
Token: SeDebugPrivilege	1336	firefox.exe
Token: SeDebugPrivilege	1336	firefox.exe
Token: SeDebugPrivilege	1336	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
1336	firefox.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1336	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 1440	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	83
PID 4800 wrote to memory of 1440	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	83
PID 4800 wrote to memory of 1440	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	83
PID 4800 wrote to memory of 4524	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	91
PID 4800 wrote to memory of 4524	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	91
PID 4800 wrote to memory of 4524	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	91
PID 4800 wrote to memory of 1384	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	93
PID 4800 wrote to memory of 1384	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	93
PID 4800 wrote to memory of 1384	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	93
PID 4800 wrote to memory of 4912	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	95
PID 4800 wrote to memory of 4912	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	95
PID 4800 wrote to memory of 4912	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	95
PID 4800 wrote to memory of 2384	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	99
PID 4800 wrote to memory of 2384	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	99
PID 4800 wrote to memory of 2384	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	99
PID 4800 wrote to memory of 4252	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	101
PID 4800 wrote to memory of 4252	4800	64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe	101
PID 4252 wrote to memory of 1336	4252	firefox.exe	102
PID 4252 wrote to memory of 1336	4252	firefox.exe	102
PID 4252 wrote to memory of 1336	4252	firefox.exe	102
PID 4252 wrote to memory of 1336	4252	firefox.exe	102
PID 4252 wrote to memory of 1336	4252	firefox.exe	102
PID 4252 wrote to memory of 1336	4252	firefox.exe	102
PID 4252 wrote to memory of 1336	4252	firefox.exe	102
PID 4252 wrote to memory of 1336	4252	firefox.exe	102
PID 4252 wrote to memory of 1336	4252	firefox.exe	102
PID 4252 wrote to memory of 1336	4252	firefox.exe	102
PID 4252 wrote to memory of 1336	4252	firefox.exe	102
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103
PID 1336 wrote to memory of 2624	1336	firefox.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe
"C:\Users\Admin\AppData\Local\Temp\64fe0184720def98b06de5cdb4289dbe9357670a973028de21645ada7934e52e.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1440
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4524
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1384
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4912
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2384
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1336
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00f88f57-e43e-4562-9d62-46f5f66a4625} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" gpu
      4⤵
      PID:2624
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2416 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78e4751e-5bdd-4514-9689-1f42ed4e6055} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" socket
      4⤵
      PID:208
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3144 -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 3156 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a5ea599-ac76-46b6-9df6-fa13470d8e06} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" tab
      4⤵
      PID:4012
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4108 -childID 2 -isForBrowser -prefsHandle 4100 -prefMapHandle 4092 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1adf5d50-9479-474a-8bbd-13b1e83b593c} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" tab
      4⤵
      PID:1860
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4872 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4508 -prefMapHandle 4860 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1a86cbf-2dd7-4213-93e7-302951c59e12} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" utility
      4⤵
      Checks processor information in registry
      PID:4216
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 5052 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25239854-3890-48ee-a6eb-f96a1b95595a} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" tab
      4⤵
      PID:2708
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 4 -isForBrowser -prefsHandle 5568 -prefMapHandle 5564 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c473cbe-5cdd-4af7-87f2-3c04d8627fb4} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" tab
      4⤵
      PID:2384
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5732 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2e50950-20a1-4821-af1b-454acf1c3125} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" tab
      4⤵
      PID:4356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
60ae4bd10f6cffef470c5863bb0b46c9

SHA1
1578aa7d8c2c7c686d226cda055b01566116c20f

SHA256
300cad56b9474543073f97f04a7549ec450c029196cd6ad4877886246c3f24fd

SHA512
95ea87ca1ea9d5a71fd3b0be39006a7bf610395de21d2a5c29107d5075e35631a218c5082176a84307b9753b25d91e88ec6e73a3fe2d9cd3447fdb5b405002a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
056754920c477d7d4ef276b84d9c59d0

SHA1
4e3812e0148a361e53e53653c936bf7628fd7bdc

SHA256
7e8a740f4a6449de86f6ebd3ca17df3ad3acb6aeecd6faad38868a5efc0cd6a6

SHA512
da063046252b603d7f1ed0e30b1a47ff012130b818aa376453994e2709d16c7dd01452b892f37917edce5d816013f4119190fde3ef52c20e8e012aef2c5cb060

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin

Filesize
6KB

MD5
7767eb00cd69ac41d02f14d9dd8c9eac

SHA1
d15a1efa84e74f94187f20e6c95ce0d8789eecb0

SHA256
fc02fa2d814fe65c2ec4ae226a0b0be041f49504e592eb73d48621b4fc07e830

SHA512
de19fd3f5b57d2896e504cd76c09fbf2750d65ca7fbaf3cb143dc3590230b42d4ed680e09837e5286f65da308e78e7b7ad8e5c19bc33f1dfec9002cdb816457e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin

Filesize
8KB

MD5
c61c6ab60d669d3ced1cfc277756ea75

SHA1
049e4dd8b7dda70a847d58b888dce090cfc5fdcf

SHA256
82fe8b6f6c25fa910678f3097fc0dc9109a5bc3c7e5916950cb16428e7853ae6

SHA512
19f901e0a2aaa33f1142a320807bbd754729e54590954d760500ef5aa3d174049e123ce1f8fc8bd6d7574304e84bec2bb9403860c811510cecec0a6fd4b10b52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
d0eda53a6116f287a859b6dd9dbebc85

SHA1
430cbf6e7e818fa27703816e0bccf53d71eeb283

SHA256
cec03dd785a73ff64009fb1d1da6e5ab91f81c37787924be050d59e10945bb7f

SHA512
1d58876d483d77f78423c6d0fe215352bde832a78ddba7cbe9133740da48cd6e8a352482cdfe573942eda85fb40cf5f1a71f43d73d49d5f1049410d35a222be3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
9419fd1459c4c7a6eb83190c2a1ab0ee

SHA1
d167fe5eead8d1d0d64aca1aae669e4dee3caae8

SHA256
a92eefcf2d31a66c1b8e769078a85f6bc9d7656afbec54a4dd637bf166377045

SHA512
0e87829cf459cc84f55ce28dcc0f47eee693b891887245cde6a744321165410acfe72915ea7807c5b84e03f9758a5170f8691322cf93a244e60d067cfb1c8298

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
598c90c618b210d33cecf42bd3d8a76d

SHA1
a59b2136bde766ceaa8a4b6b972821244819aafe

SHA256
5cbbd8aa7277faa77bee93b024fd8e8376a39f6ca889ee4e8500907793b78764

SHA512
36fb736a8f10475e625ddb9b3773f0a1c330feb74cda22593b1d9ac7f573fdc94dbb303d502a924e3feec0cd26540f8ecdcd6d9fe354c8667103a200c4b5fa55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
446561cc128f029eedeb6922a513eb73

SHA1
54d70a6501b7e40d2e697fda0d0dd87da26515f8

SHA256
c83ab4dbee0e64e19b1dd6a36f7c29a8867c529bd773493563e2d6331dfc72db

SHA512
63d4efd79795ad686ab98aff97279672267523f1ee7b3fe6d5cb6a8a819fe0e813cb8be891d800146cd2f86e36ba55e912503e77c054fca8652804658c9b69c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\27ddba7d-a256-4a82-a0a2-8de57a85d696

Filesize
982B

MD5
caf77e5b5ef774298889b2899fdf0b6e

SHA1
43def9385f3ebe3a1b53bb1238c167df730ce750

SHA256
4ac9ca4fe4467a7bababf878695cad7011ea8b66097746936f068efb19cee3c7

SHA512
9a1c444208b2c540fb2f595eac5e1235752ac7af16332a09b7ade033b599c6b9db9870d40a5afefe955b09e75faa2e8d5abf601c30abf85162b9f57afc2359b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\5d97f5fb-1392-4f7a-923b-abb191a96a20

Filesize
659B

MD5
b7dadc05787741b1d95ecc04236bba59

SHA1
ff401e726efd9824ed6cee0e05f829a15476b785

SHA256
17d837bae8d28e72f980b7cca58630a62d50d891e906e165a9602a82702c8658

SHA512
fe8b92297407b22b712d8909746fc13757d14c885368d25d2fcf839313460345b4a9b2d439a53e95fecd8500983ffc1d9de292f30ed01120f7de19a75dfd6d4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

Filesize
12KB

MD5
850aac71ec44c65df971582456553957

SHA1
0f3c279d7dad083e945c5efbb169e9b06801816b

SHA256
bd012820ce8418bda751a8cc871c8320553f99ba3098f36761aca0b7fa7f4d59

SHA512
f751a2fad3ce57d045a6ce1afc201379b836e39cf8f7fecbd479c5dcb88b2dcc7072c3373819e1c50253c7cd7cce758cb2098f554a34950373d33983782e89c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

Filesize
10KB

MD5
6a31f9366c29d629d19fd0c78c021bc3

SHA1
97c4975be7cfc0877fa5e80abf2980cf8c94c0b7

SHA256
784536dc49964a8d8ffff01496d99189d73b60b2baf9295c2e3e9266b5d4e9de

SHA512
1b194ee1ee6d66da825fba9e54b5473364091cf823154afefc8a741eaa2eb7ba0c1694b0e57625fead286ce8aafebd6e9816b5246ce81f9798af707e00c4a835

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

Filesize
15KB

MD5
782dd4d2edebb24c003b5fee3b5563be

SHA1
f0c0afe8a43532472cf843ee99c801c3383022a4

SHA256
104923ae630b42174dfba73cf13d86f2182645f6ca27cc56330f00940206a9c9

SHA512
652ae359b804d4e9f55d2c5ebed65c777911298c02152394238eb19261669aac0168e6a11340aa5f3d50dfe04ee3f21d9e0c96d96b29109ec2d1fd8c31e440af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js

Filesize
10KB

MD5
abf97029b9c9e2038a5643455ebe16d4

SHA1
709618746d948e4dc0c0fd306d81343c3b186bc7

SHA256
7a911057920b3c0bb4cb9a2f9ff2941132f180385e50627a51fcfbeab4c694ff

SHA512
16186c285fba46c1f6e77cad44ac0e3dfd06aa761147fa00c910bbfbb5ed97b36d48dbade4ea89668a17cdb980d8a768f2ec85becb8b990e3d9926ff9b2911cd

Download Submit