b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
Size

900KB
MD5

9e9aac3c17da1438dd0ef6153530fbff
SHA1

c5d191ac45dc43ce2a71407897098240f172f3ca
SHA256

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127
SHA512

251666aa4c05468ccc6f6f0eec34a986c56b1c26d768c49019a6100a7c6c8fab70409acebd6d412daf689a619b234b103c4ab16a77760c0426dad3c549e51bd7
SSDEEP

24576:SqDEvCTbMWu7rQYlBQcBiT6rprG8aU1o:STvC/MTQYxsWR7aU1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
4752	taskkill.exe
2884	taskkill.exe
2568	taskkill.exe
3064	taskkill.exe
2968	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	4752	taskkill.exe
Token: SeDebugPrivilege	2884	taskkill.exe
Token: SeDebugPrivilege	2568	taskkill.exe
Token: SeDebugPrivilege	3064	taskkill.exe
Token: SeDebugPrivilege	2968	taskkill.exe
Token: SeDebugPrivilege	1740	firefox.exe
Token: SeDebugPrivilege	1740	firefox.exe
Token: SeDebugPrivilege	1740	firefox.exe
Token: SeDebugPrivilege	1740	firefox.exe
Token: SeDebugPrivilege	1740	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
1740	firefox.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1740	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 4752	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	85
PID 4068 wrote to memory of 4752	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	85
PID 4068 wrote to memory of 4752	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	85
PID 4068 wrote to memory of 2884	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	89
PID 4068 wrote to memory of 2884	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	89
PID 4068 wrote to memory of 2884	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	89
PID 4068 wrote to memory of 2568	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	91
PID 4068 wrote to memory of 2568	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	91
PID 4068 wrote to memory of 2568	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	91
PID 4068 wrote to memory of 3064	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	93
PID 4068 wrote to memory of 3064	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	93
PID 4068 wrote to memory of 3064	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	93
PID 4068 wrote to memory of 2968	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	95
PID 4068 wrote to memory of 2968	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	95
PID 4068 wrote to memory of 2968	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	95
PID 4068 wrote to memory of 1952	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	99
PID 4068 wrote to memory of 1952	4068	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	99
PID 1952 wrote to memory of 1740	1952	firefox.exe	100
PID 1952 wrote to memory of 1740	1952	firefox.exe	100
PID 1952 wrote to memory of 1740	1952	firefox.exe	100
PID 1952 wrote to memory of 1740	1952	firefox.exe	100
PID 1952 wrote to memory of 1740	1952	firefox.exe	100
PID 1952 wrote to memory of 1740	1952	firefox.exe	100
PID 1952 wrote to memory of 1740	1952	firefox.exe	100
PID 1952 wrote to memory of 1740	1952	firefox.exe	100
PID 1952 wrote to memory of 1740	1952	firefox.exe	100
PID 1952 wrote to memory of 1740	1952	firefox.exe	100
PID 1952 wrote to memory of 1740	1952	firefox.exe	100
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101
PID 1740 wrote to memory of 5032	1740	firefox.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
"C:\Users\Admin\AppData\Local\Temp\b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4752
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2884
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2568
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3064
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2968
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1740
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1b639aa-b0b9-4846-87b5-cbc52344f727} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" gpu
      4⤵
      PID:5032
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2416 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {891c276f-fc10-4f45-982a-1c8cf94bcc2f} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" socket
      4⤵
      PID:388
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3000 -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3028 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce6a9697-ce02-4c3d-bb4c-de8748a80df1} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" tab
      4⤵
      PID:2964
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4104 -childID 2 -isForBrowser -prefsHandle 4092 -prefMapHandle 4088 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4ce93a2-4f63-4ae2-a4c5-0a2784d7b3c7} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" tab
      4⤵
      PID:4532
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4896 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4912 -prefMapHandle 4808 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d6236e9-bfa1-4525-8ca7-ae5de778acd4} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" utility
      4⤵
      Checks processor information in registry
      PID:2668
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3900 -childID 3 -isForBrowser -prefsHandle 5384 -prefMapHandle 5380 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {faf7e820-4275-4087-8343-a457708e0c7b} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" tab
      4⤵
      PID:5040
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 4 -isForBrowser -prefsHandle 5532 -prefMapHandle 4844 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {644a9971-abb6-4b31-b451-aa220f45eb0f} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" tab
      4⤵
      PID:4408
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5700 -prefMapHandle 5508 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b50bb90-416b-4beb-979d-7ffc5a056e9e} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" tab
      4⤵
      PID:4112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
57db9716dbe5864156afb4647f43ba4b

SHA1
ace13d3ef5f273bd42739e262fca4bb10bb76c26

SHA256
2d3c337540c34c174b77aee71ab596ee96207e46a7fb9d234eb78cf3338cf650

SHA512
2ab6ecaada79e3d0996063254735e4d46e2e395f4c6644f7bda451e4ed460b5f0f69a41c46743ff05d53fe1769acd28836f2f9f6311b677ea3246c96c4455792

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
0aa81273daaa6cee5bd7f21a72c48d2e

SHA1
7a934ee83b3aa7a5b18e3e71b07483c7bc29d407

SHA256
0f5a802bfcf393d30b54998fb613904fae612ba20fe20c0a939b943ae9a03d60

SHA512
eb41b23e83acda706ea4218beded3d1707487ba220843d84cd7b42fd98717d2de64eee524b969e32ca84cc24fb022a71cab85eb371f74f6aa9cda17faf006d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin

Filesize
8KB

MD5
fc6e539c1b1ee328500d79d36cd2c97b

SHA1
85b088d8f23051da50eb2743903c4ffc6712b634

SHA256
5300580e1eba7689b7b274fba1a2980a4eceafcf32fe0762ae350227ee2e776f

SHA512
be545b6722bd49ea5b6d96efa5b8f219ec59e2596500a478218d34afcd98973d75f720a8219976eb99a8ed073267842ef0c11bd3e8d5be4eb5570edd1fbc93e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
58213b550a16660441b85b05b04b7b55

SHA1
cb63b0f6c92d7e15f1e34e3f3a71fb0b038937bd

SHA256
aefaebe2d2ee83ea4684f7cbd6067cc0f1c6a2579ffdc5d4e3e392901c91300d

SHA512
6502c7d5815434d2ff306194d2b785fa1af16750a6b0c461ad9a4a363bf9744f44aea6cb9522922a18b62402821874262eab1c9aa9163e55f013904cc53cd597

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
eb5495dadb2beb8100bbaebefeb2e659

SHA1
f51f73165e46726e0acdfbb1c21d0f48e6220313

SHA256
899ce733bbc40e7e36f1e499ae3b94811a7adfb35dfee2c5a974d57c26b37f0b

SHA512
fb5660759a28d329cdcd0d6a9cdacadac3e9aced122795ea0a48d2be932ddea7954635fca6f65bffac04ea0d36e6bea1b076330829695cdb8f772dae1c835c3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
972d6c2be38b34feed3f1293473e53e9

SHA1
d169379c3a4f7cf14650220d566cf8c817e48de4

SHA256
c0ce1f0955b4c484e6a88f0f4abd425eaf3c686382e31b6b31551de0d1925adc

SHA512
f0d9740008b43c5033209d2051f3f1d6e86034293aa4c8e8ca994a42c3a37474d0829e31a7b23ddc04f4b1b623a61f4d88eff4f89e1bf563b31f07a0eb54164f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\14df7288-d4b5-4d80-a2f8-706b1214aaaa

Filesize
982B

MD5
1b5adb34b881b3a2cd7e6d5f68727b35

SHA1
68e37ae2b2fa90a5c82ee1cfdac17ae7bb3781c5

SHA256
6694a959dc4b0a4442beac5b100ff0f86ac8b29ba0440477816ae7f7033645e3

SHA512
8975f792bf459ce419965eb27c08e51d15e6cd7f4f5cb659ff71e60b59646bf3ee18d83b8eace8acd251c5f13c80911897bbffdfae220d087434d4984099cee2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\5ddf38e8-9e16-4be4-962b-91671d1bfa6b

Filesize
671B

MD5
e5f2eda0f3140a7a7b266d75c70f9bf4

SHA1
8f3f65c722dddd0eef29de22bb07744b12671158

SHA256
e13c3b824dc78bc8bb18cd67ce4e44c4ef6d9acd5f9b080a8ee2dc5d19e27335

SHA512
6eb29fef54312fbd2749d1f1e2452e3c73df03460c75205ed6fb4a70498fbec3b6d2758aecae66a52585e4fbecc1e99e89630beb8fc976b9c42a73ea1422e4e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\75c61d75-4bc3-4ecc-a8d4-fafb547a9abd

Filesize
29KB

MD5
635a0d7d5bf58018565913c10d238863

SHA1
5969673e1556953545311cde70664e590cec1b00

SHA256
c46431de064b736d43a5bb3ddac2d7ae2c9dc90288dc57e57bcd531964c8d11d

SHA512
53b1822ceadad2eab0f0f6480b7adcd3036ffc76fbeae08ea04c821505197ae10735d1db0b62653f4a0202aebebd4e4ad243af896bac3340f91b757f84c655de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

Filesize
15KB

MD5
640e2bf382dc22455dbc534277dbe4eb

SHA1
812c1fd557b5d41101bd77322a31e2bbfefa9fc6

SHA256
73b28e267dacd14b9fd20e1012691a110587c1e34d7870c153a446bb3d8c43e5

SHA512
a3f389622031e15ba2f4321b843421afebdd2fa45eac9641f4b3c935717fc4a29663f34b09ba2d9b00ddf3d47f91d8eef339a9a47c393d98fc9fce7b2e7b3ea6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

Filesize
11KB

MD5
acd9ac0b2fbe06328f32d0f52cc59bd9

SHA1
be686cf98832f3561c703120477f3b0de7ee1044

SHA256
2d7ad277d0222e2e66b5e09a5f74af5aeb054f66653c0d1668e09c743e2dba54

SHA512
a9d3687e673a429ecbee0a2fff833e278abe5411aca4c1fb1517b8433bb086bed06fd46e51fc2092e71f977c42194e7443febd12b422dd1ccce3df2a58fdbc76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs.js

Filesize
10KB

MD5
e1c92eabaaf11d4ab322317d520cc3bc

SHA1
14ced88e11cd47020f01424bcf17f5c33a68fef2

SHA256
585a5fad12b24ccabeb341a827007d697cda5ef187bed99847788b48db01bc66

SHA512
d18be99c04a69a2c856a37c7bfcba296f7b437e9742126bd7613f643e11c629206cb6a1e04ce39fafe35633c094d17407dfd5b5e73506e020fed29dce7d35967

Download Submit