91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9

Analysis

max time kernel
132s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
Size

901KB
MD5

1afc6ca33051ebf697daf4ea02562fd6
SHA1

64cfe0ddc48842798859756cd0d8bb1d3dac4738
SHA256

91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9
SHA512

79068d1de93847c90ccae9c5bf13b529770cfa81116a2fd067e94a6aa00a18a194647014997c2ff10c12be083f9955233622d2192e3740e019ab8516319f90e6
SSDEEP

12288:jqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaoT0:jqDEvCTbMWu7rQYlBQcBiT6rprG8aw0

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
3280	taskkill.exe
3968	taskkill.exe
2008	taskkill.exe
4532	taskkill.exe
3012	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3280	taskkill.exe
Token: SeDebugPrivilege	3968	taskkill.exe
Token: SeDebugPrivilege	2008	taskkill.exe
Token: SeDebugPrivilege	4532	taskkill.exe
Token: SeDebugPrivilege	3012	taskkill.exe
Token: SeDebugPrivilege	2068	firefox.exe
Token: SeDebugPrivilege	2068	firefox.exe
Token: SeDebugPrivilege	2068	firefox.exe
Token: SeDebugPrivilege	2068	firefox.exe
Token: SeDebugPrivilege	2068	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2068	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 3280	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	83
PID 4916 wrote to memory of 3280	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	83
PID 4916 wrote to memory of 3280	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	83
PID 4916 wrote to memory of 3968	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	90
PID 4916 wrote to memory of 3968	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	90
PID 4916 wrote to memory of 3968	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	90
PID 4916 wrote to memory of 2008	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	92
PID 4916 wrote to memory of 2008	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	92
PID 4916 wrote to memory of 2008	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	92
PID 4916 wrote to memory of 4532	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	94
PID 4916 wrote to memory of 4532	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	94
PID 4916 wrote to memory of 4532	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	94
PID 4916 wrote to memory of 3012	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	96
PID 4916 wrote to memory of 3012	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	96
PID 4916 wrote to memory of 3012	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	96
PID 4916 wrote to memory of 2596	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	100
PID 4916 wrote to memory of 2596	4916	91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe	100
PID 2596 wrote to memory of 2068	2596	firefox.exe	101
PID 2596 wrote to memory of 2068	2596	firefox.exe	101
PID 2596 wrote to memory of 2068	2596	firefox.exe	101
PID 2596 wrote to memory of 2068	2596	firefox.exe	101
PID 2596 wrote to memory of 2068	2596	firefox.exe	101
PID 2596 wrote to memory of 2068	2596	firefox.exe	101
PID 2596 wrote to memory of 2068	2596	firefox.exe	101
PID 2596 wrote to memory of 2068	2596	firefox.exe	101
PID 2596 wrote to memory of 2068	2596	firefox.exe	101
PID 2596 wrote to memory of 2068	2596	firefox.exe	101
PID 2596 wrote to memory of 2068	2596	firefox.exe	101
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103
PID 2068 wrote to memory of 4624	2068	firefox.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe
"C:\Users\Admin\AppData\Local\Temp\91b487952951ee6cd25ff253c5ffd8f270290e6425b247d364115f41f5f362a9.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3280
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3968
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2008
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4532
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3012
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2068
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e2b5709-fa71-4905-866a-31d38bd08763} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" gpu
      4⤵
      PID:4624
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0668387e-5c32-43c5-9551-3bf331255fa6} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" socket
      4⤵
      PID:2368
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2976 -childID 1 -isForBrowser -prefsHandle 2896 -prefMapHandle 2984 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07b5e4ba-6cad-4ed9-aab1-a88ed39ba8d9} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" tab
      4⤵
      PID:3212
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3708 -childID 2 -isForBrowser -prefsHandle 3700 -prefMapHandle 3696 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66d887cc-a2e4-4a23-87f7-51d73de08005} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" tab
      4⤵
      PID:1588
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4940 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4932 -prefMapHandle 4924 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa389d45-2da0-4e59-8563-957f21c5660e} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" utility
      4⤵
      Checks processor information in registry
      PID:4864
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 3 -isForBrowser -prefsHandle 5432 -prefMapHandle 5420 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c7273e9-8739-44ac-95b6-c284e2373a5f} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" tab
      4⤵
      PID:5876
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 4 -isForBrowser -prefsHandle 5660 -prefMapHandle 5656 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6171dcc9-3f23-4728-8830-ce087f5431c9} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" tab
      4⤵
      PID:5888
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 5 -isForBrowser -prefsHandle 5772 -prefMapHandle 5780 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66e5d9b3-0ced-43d0-91cc-f86be5887866} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" tab
      4⤵
      PID:5900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
e535f36a9e30a66b7e335020c77c954d

SHA1
2a316248e470e49a96ff965d066701a1cfd07079

SHA256
f2d7420b5f591304c4d145b1f9afc215d1d9ac0e3a177eeacc02c8da3edfb17b

SHA512
84843641bd5a4d980bacb91ebe5e8df4fabadef8719177d50f0bc79b565d46cb5eaae39fbd794586bca2dd9a479a5eeea2902e267c355ccec301a38193c2b38e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
16bd3315cfb76f43e662444fa76e2e26

SHA1
cf5cdda09cbd54c9d4ac60724d7db1542718c4a0

SHA256
beb7eacccaab7d39aff942d921f27caaca6d279e3a1a98d257b6f5ed934ca770

SHA512
565b5aa0eefc424db0df09ad3ef48b02f4aabd9df47a0f6fc13543bc04fd188030a2e53bdf7532772d51ec1774a89e67113c811a0223b2add78f91ecd5f797ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin

Filesize
10KB

MD5
392c39302f12e1c2faa103d78fb5c3ad

SHA1
69c036f975b0c8ad5c65a819f654b92ec6cefd58

SHA256
703fbb2a7dded9cdb0c055593b4cbabf245f2c1e5febf9a181aa008728ee4b53

SHA512
394926a6871ed961860eacb9f09e75f44c587b3ce2a85ae8788d0b1d0a2ad66a1882fd335f4e8e7b26a9e2b1399d9ae30c83c7f0bd3107fd531a8815e46df1a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin

Filesize
18KB

MD5
8718e1a47148ecd61a3b40c0eec95a68

SHA1
d6446c68ea9e85eaff0499df9c27bd5b9be116e3

SHA256
c9e311d545b2935e9dc18db7350537f994fb9e2462be4343077448cf523f1d4b

SHA512
48cb90574cdb6fbb31bb0ae8c7cb8f21c026a419dd5849f32f740a515222cb08c26eba0b3a9eec74f9ebc1bfbf328319a4fe68a3787df5ca3df3bc12c10fb35a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
3b68d38b8d490b3addf059cd8ebe5070

SHA1
84c8627795d76c5884bac48eda9d688d956fdb83

SHA256
06d1ee91aa5669add50ebed398f8b46ef200c5f13ade7556900d58745051d304

SHA512
71ba9702d807f5e60519a57e2ca026a30d3afb9ac65823f70801083b30be5ccf121266aded894d96930734557ebfc1a8fd1597e8e5fb0b2796dbe2bb507998ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
bc4bae8102c3b260c6b891d1ca087748

SHA1
baf1b0ba905278fdd4db63b939a623d1748b1965

SHA256
136ea1dbd38b57957e656ae50cfb0f9cc42b5f9c652758de70a2217d8cc43f59

SHA512
b7566a8c5ef991ec3d4c85b606d355bf4d36f3e6e765c984fc9753aa5fc1d6568e630e29bdd82dfff1a101b79c016e0fdc19fa4324080f264c622678738b6ea5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
48310699701784d06f3ec595a68ac567

SHA1
3abb426b7d7d7d1f41cf8e478127b5c86f5f1ee1

SHA256
264521c4eb90f47ab02ee67b7d0ae839a78bb1c25b17dc3c8137e5731886716a

SHA512
9ef3846d36fd257e46766510ae9b46c9dfe62bc63e895c55880a112e9f64f7a93570aa1eefd93ba00c07edb009d9d1c01bd90898acaf7d360c3dbc717aadd2a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\74306a18-d38e-4fa1-9c7e-b506e6abe222

Filesize
982B

MD5
f54a99a94a8e9910b4667d2204f635f1

SHA1
4892ffb78faa6e35fc52519881395dd41fdd22c0

SHA256
20f87e743b83f3244d318fe019e7eb785e93d702ee63872adae99a4c494e18f8

SHA512
23d58fb8239f2a628b0fb332bf537408165b9f22ea9929fad1e4bdf2f88ccde60fba10b89dfde94ecc4ebcc1d75949e9c4d066975be8cccb87b4c6c813fbd539

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\8fc34994-970f-4dae-be2a-6ee267b97812

Filesize
659B

MD5
92373a11c141d7331e32e5afea2c844d

SHA1
6ba131856ce75d1b1a781cd858fbc2c99a39061a

SHA256
731a5eb3a3511d2ce5cf78e3376cef91962ae9ecf3c0f9a7685c74c6aa2cd6d5

SHA512
4d4263f15117b0292810e3ac61d108a6267cf9b76e459475600dfe44a746291360cb2ed28119511fbcc8210acdc48c7b5a87106f90b31d2462638c1deaa1e5d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

Filesize
10KB

MD5
47f3d11aaf31cb9486e72697fe9516c8

SHA1
61ee9159581a14d65b64b11b2de8714d3d824e8d

SHA256
ab6dcbb19250df098b38e9bd10b81ac4c80004559d1375de03484139fab10cdf

SHA512
5392a2d5f91fea5a68963503edb8f512629a4e1c35ecf2179e65b3aacf2952ee911857c5f06a714d2111e73a1996bf0d1432f97925d858926f8e4af1af98c359

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

Filesize
12KB

MD5
f0e698309917073c540cd8e98c5a1ea6

SHA1
921b10949da5c91d7e1df89f92956c246318386c

SHA256
d0cd46561fe199849d851a97687baa60e6db9c2dcebcc4a1d92bc58a308bc8a4

SHA512
1cf0ff70542e089854ca383d664e51ecf705090d2f57b9e79c3215d38c133a1efed0f058c857df56fdf4b00f291b6908b64c3ee628bcb8527b5e5b246c1e2abc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

Filesize
15KB

MD5
d7e81e989e8f62b137446c5ffa124e72

SHA1
9a7e109ee6c8f30b9328fe80a92e38d9abf38647

SHA256
394ca8151e5827895d87d38ab32476abe10755ba15d951c205aef2a89aec155c

SHA512
f1bd002b18b833c7137e05f461692d7bb66b070d151554b42b819c930dc59088454f88ea091b9ba9855f47966383df9028309be18f421b495f6e083173190d5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js

Filesize
10KB

MD5
6e3bd2e83e6e19f63f5a55a9ae5978df

SHA1
0406ffff0450b25e9fd2e914c6eff51fb5028435

SHA256
3f2eb61fdb23e89c618b128624b1fa9832e7855590ee4c6881114bbf73797a58

SHA512
d8cec2bf9369c2abb7ce1e5d204b8f67efa41b9d38eb4a8b10f1d8077d5f72aadd5577360ab4bc14ce29ec505475d0b70e5a2f25aa46b266295b1c03a086d9d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
768KB

MD5
e019c2725e5e985719e7a743a7ef1adb

SHA1
fb6a0fb4abda09ed75b67c576c989c20e05e69e1

SHA256
c0d801af7a122d9b527176165dec78b31f07245e0f2c902638ed83e1a6fb20c4

SHA512
190a2bc4261efb3922458cc1e81957e2281f9f5a421cb8062c4660c3fdcfa8daf9f97ae624a9e16366a6955453f37fc63e5ae12f046f71e54e45e8a5a675f9b4

Download Submit