fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09

Analysis

max time kernel
131s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
Size

901KB
MD5

7a821e8992ed424283854f1b249abe92
SHA1

916aa899d7deb683b97bec80b833628ecd3ccfb3
SHA256

fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09
SHA512

17118f4cfd71ee274f8f96cfaa938620a1eb3f85ba2ccca04f44da75171d10360fe559fb55f1313d00b3c9098c27d650c25a56a078e3887ceec14458d373b24b
SSDEEP

24576:SoqDEvCTbMWu7rQYlBQcBiT6rprG8anNS:DTvC/MTQYxsWR7an

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
4280	taskkill.exe
2348	taskkill.exe
4920	taskkill.exe
2036	taskkill.exe
2148	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	4280	taskkill.exe
Token: SeDebugPrivilege	2348	taskkill.exe
Token: SeDebugPrivilege	4920	taskkill.exe
Token: SeDebugPrivilege	2036	taskkill.exe
Token: SeDebugPrivilege	2148	taskkill.exe
Token: SeDebugPrivilege	4044	firefox.exe
Token: SeDebugPrivilege	4044	firefox.exe
Token: SeDebugPrivilege	4044	firefox.exe
Token: SeDebugPrivilege	4044	firefox.exe
Token: SeDebugPrivilege	4044	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
4044	firefox.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4044	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 4280	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	83
PID 1484 wrote to memory of 4280	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	83
PID 1484 wrote to memory of 4280	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	83
PID 1484 wrote to memory of 2348	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	90
PID 1484 wrote to memory of 2348	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	90
PID 1484 wrote to memory of 2348	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	90
PID 1484 wrote to memory of 4920	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	94
PID 1484 wrote to memory of 4920	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	94
PID 1484 wrote to memory of 4920	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	94
PID 1484 wrote to memory of 2036	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	96
PID 1484 wrote to memory of 2036	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	96
PID 1484 wrote to memory of 2036	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	96
PID 1484 wrote to memory of 2148	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	98
PID 1484 wrote to memory of 2148	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	98
PID 1484 wrote to memory of 2148	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	98
PID 1484 wrote to memory of 3032	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	100
PID 1484 wrote to memory of 3032	1484	fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe	100
PID 3032 wrote to memory of 4044	3032	firefox.exe	101
PID 3032 wrote to memory of 4044	3032	firefox.exe	101
PID 3032 wrote to memory of 4044	3032	firefox.exe	101
PID 3032 wrote to memory of 4044	3032	firefox.exe	101
PID 3032 wrote to memory of 4044	3032	firefox.exe	101
PID 3032 wrote to memory of 4044	3032	firefox.exe	101
PID 3032 wrote to memory of 4044	3032	firefox.exe	101
PID 3032 wrote to memory of 4044	3032	firefox.exe	101
PID 3032 wrote to memory of 4044	3032	firefox.exe	101
PID 3032 wrote to memory of 4044	3032	firefox.exe	101
PID 3032 wrote to memory of 4044	3032	firefox.exe	101
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102
PID 4044 wrote to memory of 4088	4044	firefox.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe
"C:\Users\Admin\AppData\Local\Temp\fa1a1c78804e92f9cd6e100b61a5d97ee92c987851c4a4bdd359259090061b09.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4280
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2348
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4920
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2036
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2148
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4044
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffdd54ef-f598-4326-9c6f-bb1124b1f7a6} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" gpu
      4⤵
      PID:4088
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9356d59-2fbc-4bd7-8d03-4375829e9c0b} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" socket
      4⤵
      PID:1040
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3160 -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 3248 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d96299f-e000-4bdf-8cd2-018cc6197405} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" tab
      4⤵
      PID:4040
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3572 -childID 2 -isForBrowser -prefsHandle 1236 -prefMapHandle 1232 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {369a0dce-3ad6-4457-8c32-0241ad0393fe} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" tab
      4⤵
      PID:4500
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4712 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4708 -prefMapHandle 4704 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb2624a9-c5f3-4e7c-819f-b85908761af2} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" utility
      4⤵
      Checks processor information in registry
      PID:4560
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4896 -childID 3 -isForBrowser -prefsHandle 5012 -prefMapHandle 5356 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {368bff7c-df6e-491e-a982-be95fdb762eb} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" tab
      4⤵
      PID:4908
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 4 -isForBrowser -prefsHandle 5436 -prefMapHandle 5440 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d7b5476-0a5d-41f1-b196-6d9b6fcb14f7} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" tab
      4⤵
      PID:3780
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 5 -isForBrowser -prefsHandle 5628 -prefMapHandle 5632 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e72c78ff-a307-4650-a29a-3932735e9a87} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" tab
      4⤵
      PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
50a6b20d5d46dc415d326e9f875c2087

SHA1
46aa6bd252d4ee34fd07c69a3a57f04baf5bb346

SHA256
f1b9d9e6d18cad83cc20e12a668b88e0431f3b575154d53fb305a1b10e5bfd78

SHA512
af70587e422bdbfc51f23359524fe6adb4e3aad1914d34f81d867784e3ad993e810b3c0453e4cac0a3ffcef24192aeafa7e210b2d0ef1324c6950a7b054a9eea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
e56a72e470687f1c55bae0a286d8c34c

SHA1
369b6cd0ccd583963b6e100cdfcd2d5ae110ce5d

SHA256
e961c5458c7a303e4ad0f33dc33483114297bced98e361d588b1f61fc037528d

SHA512
e27e10a2f3fc6e362bb9867c4cbdba89bb44fb90fe39254d84d2ca3bfcf22cbefea245845f18f827c0748c892a041e077a03b70bdf2c6fce82eeeb185cadb655

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
6KB

MD5
aa260cb8cb4f1a58beda63c53ce65ba0

SHA1
8b73ee49b048e0dffe896624803458dfd4f4ce27

SHA256
037df9da679cc6387d31b9e8613ed32cfaef471ec9aa41d5f15dc79785afb781

SHA512
b7ac3c14ef7a8f5f0c189e3a23dcaae9c8f45b19976c05fb71ccfa7b1fbe696b1e768c1e652e0ba84ba3f3c6d78f9ba54753c7a05859ad708e45ed245e1df6ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
8KB

MD5
74c39adbc3e44e25ff1a3521212188d4

SHA1
99d5d6d03afbf741cd54e3ac7e4d4ea4ea89d3be

SHA256
746e07a11c2309f0ddbf1c1fdc2e65e6598eaecef16e03a0181371ca335ab70d

SHA512
bb56e37aa99164eebe9424f8b1968a67c5086ac66ae53c5d7f11f5a1f736f2b66d6d6d7006e22a90c7812f00620753d2a6d66a5fedf033e797ebe8b0a4449809

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
18KB

MD5
2415992f73b01e6f6dfa100e75afc18f

SHA1
8e5b657825a5aaa91bc3939dabc1a85a0bcd9944

SHA256
ec1219f63f563b5e9b05b5ebc7cbd52861d1f0f1041cf48115dad4a4d47a9d7d

SHA512
27d676e3215483e1eabb477811394524c680aa69e1e429a5b89bf09663e24cab23aac8ff6adc0cf398f398eda1ac41eda737e02a2ea541ae60fcd19ae511fec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
12KB

MD5
dabc86e5f584443e8c57a6daca994474

SHA1
c7bb3613cef2ed4b30161d02ddb195285c81f8ac

SHA256
a25961a75db1d89717633d1419e37538c1477bb07c4aefbbb35698e45a510576

SHA512
9a1e0070daac5117dcc2c79bb309404c9ee043d9d66d7e529d65ac8a7d918f3be55b4ce86ad04d243270951830bb54b733dff3dcff9ba4bf00ec799fd1b8fc4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
bae4bd1d4498ad3d4b51c7b8fa92b48e

SHA1
441eaccdb1f07fba8cd16e4ff6e4e185d14e01b5

SHA256
6046c8b1aa42885f6e2aa1c2e33509546e65b88b152b0749d5953d75b7e99646

SHA512
bafe6908dade7160e07bf3685cedef5cee1173c3e0b0ee0a7c0b1aa58ddb514ff7608f6533aa16a3dfac15c0fdf2bde9025226b9d09e36f32eea264c5ce3b151

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
8436739937348e1b24455793d5e43abf

SHA1
2b96b313073eeba0aed910b71aba098d5978b0de

SHA256
21ccb5f38764b3c4ade0cfdb00e25db6b4a20286e51ddcb8f116e18c16cd8387

SHA512
2a0f5ae164e2457c1f1ce3b99b6454ccbab30757764205eddf0c41eb48765d13cde8e3a8f3b54898d0586559b27dee7c5deb014b5774e04daebdc2bcf8f2abec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
958e20b2613ff7bbdb779c338b5933b8

SHA1
de6494193da1b349dc4704431a88c941832af848

SHA256
719573baf2537f9fbe681cad514bb520c2e57c054211c8afac26813f5317f43a

SHA512
638085b21e0d13ef21caf09f2d0e5cd4cfebf0485ba31ad3ebdb12bf0e587740e5980080bb9f051927078351d726c6e0a4570a296ecee34148936ad355b99904

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\0ed4e54a-0a18-4f60-a2f2-3c9dc65fb1f7

Filesize
659B

MD5
7498d7c18d097cbd015bdfca6bbff6f8

SHA1
89772939faca546f538b58b381c4f7c85b8c3509

SHA256
19524f49dcf6b0f92d5b5b8e9c181310f4f321cd5682b77f73935ee01699ed84

SHA512
3969288108400da2f2c02e894601c3070bc1e505776819b99e155af9a7a146424fc5168e1ca2f30ee458f44ebea04f8734ae837555857b9f0c82433292f64357

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\9d6a4b29-0cb1-46aa-bea0-859a1ef11c74

Filesize
982B

MD5
47f13955ac5508e265258193079652d9

SHA1
8476427610a411bcbb74124c0ee8af17aa5a9a03

SHA256
edf9a978d095afd1d781a5caec9231d52f59015669b92823e70973fee4652670

SHA512
948f43e6e24990a509b90f955f7fe106b417d4eb2914b08e9ad91e034e3630e428dfcb6ed756962b6c7c30e83b395f3269a43c83278916bef3e4d490a8084a43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
15KB

MD5
1ea71a1656c8bf9e630a20472998822a

SHA1
a29c0f9780c15bc8e609e160133f31fb079d168f

SHA256
0181215d52642fe38dfa61092a9db1c003b0201853a2cd4ee3fc11a48e3dd020

SHA512
9567760974b59fb632d40775510fc1956a89e4e76da4740129ae09f3393476d35d58bbdf3a711ca8e0ebc767354e88c56b862bbfe328ae9bf99cab6257ce7664

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

Filesize
12KB

MD5
f4c333d5eaa314676587a60c7695fe59

SHA1
5d9747a12d98fc3cef1d2052209017567a333a01

SHA256
1f2df6bebf3e1d7207391c1b2a26a6e9352b20df47cff135c3d0c5ea9c9ca382

SHA512
a8c902870fb53855980c52452c19f7333570ef42f03869c8d4be2276db23260d9e6c1eb278ab52676720367451e2f4baf34dc03f8e282096fb0f1fa94068598c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

Filesize
10KB

MD5
b79b91c78631688c8e2ba5b86d98fad4

SHA1
4510670a8b25fcce525d057a2cbf5d633503feef

SHA256
ff5e2ee1a02c59a316a8dffd02380a202ebe8eaab2604104fc35d0b0ae9052bb

SHA512
9daa63fe700b941cdaa54fe9ebcbb18231e8c2067b2746117621bed2da62040bb35096aeaa7298e56db8ed2a433c44c54cce663ef3ced22233dde3753b3331f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

Filesize
10KB

MD5
da62da824748028166494dc7eda05d24

SHA1
6209723106f36fea06ac08f7a2a68fbae140cb6e

SHA256
fa76c668ecb5fed054839223d30f68165f372e5edfc82ff31cc78d196a7dfb09

SHA512
7860038be1a67ffb1c6db38e1fc213b8abd11835493d0a883f5069d99da93945d06447edd58fa08ebc021bd2fcfee50a1ce4389ce0cd6a17529cebb568d1ee83

Download Submit