6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a

Analysis

max time kernel
128s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 13:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
Size

898KB
MD5

97ac08d46685b80c30c7959894bb4ff7
SHA1

b39b18a922834fcb3a99f357d29b142ca531b4b1
SHA256

6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a
SHA512

ebc7c484e4c88605c97a4031ea6dd66ad9e483c43883c24c6ce7c3e7247c8a85a1b7e59da035b80ad7e1bb11820b3fdb3040902e01117d1057222c2886510f7f
SSDEEP

12288:zqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/TO:zqDEvCTbMWu7rQYlBQcBiT6rprG8abO

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
3388	taskkill.exe
4696	taskkill.exe
2232	taskkill.exe
1120	taskkill.exe
4480	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3388	taskkill.exe
Token: SeDebugPrivilege	4696	taskkill.exe
Token: SeDebugPrivilege	2232	taskkill.exe
Token: SeDebugPrivilege	1120	taskkill.exe
Token: SeDebugPrivilege	4480	taskkill.exe
Token: SeDebugPrivilege	3852	firefox.exe
Token: SeDebugPrivilege	3852	firefox.exe
Token: SeDebugPrivilege	3852	firefox.exe
Token: SeDebugPrivilege	3852	firefox.exe
Token: SeDebugPrivilege	3852	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
3852	firefox.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3852	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 3388	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	83
PID 4720 wrote to memory of 3388	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	83
PID 4720 wrote to memory of 3388	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	83
PID 4720 wrote to memory of 4696	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	88
PID 4720 wrote to memory of 4696	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	88
PID 4720 wrote to memory of 4696	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	88
PID 4720 wrote to memory of 2232	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	90
PID 4720 wrote to memory of 2232	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	90
PID 4720 wrote to memory of 2232	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	90
PID 4720 wrote to memory of 1120	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	92
PID 4720 wrote to memory of 1120	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	92
PID 4720 wrote to memory of 1120	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	92
PID 4720 wrote to memory of 4480	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	94
PID 4720 wrote to memory of 4480	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	94
PID 4720 wrote to memory of 4480	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	94
PID 4720 wrote to memory of 4588	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	98
PID 4720 wrote to memory of 4588	4720	6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe	98
PID 4588 wrote to memory of 3852	4588	firefox.exe	99
PID 4588 wrote to memory of 3852	4588	firefox.exe	99
PID 4588 wrote to memory of 3852	4588	firefox.exe	99
PID 4588 wrote to memory of 3852	4588	firefox.exe	99
PID 4588 wrote to memory of 3852	4588	firefox.exe	99
PID 4588 wrote to memory of 3852	4588	firefox.exe	99
PID 4588 wrote to memory of 3852	4588	firefox.exe	99
PID 4588 wrote to memory of 3852	4588	firefox.exe	99
PID 4588 wrote to memory of 3852	4588	firefox.exe	99
PID 4588 wrote to memory of 3852	4588	firefox.exe	99
PID 4588 wrote to memory of 3852	4588	firefox.exe	99
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100
PID 3852 wrote to memory of 3532	3852	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe
"C:\Users\Admin\AppData\Local\Temp\6a65ff25c8fc1c74956fd32556ddb5203cc2a9a3bf2d72abd86c9b66df60209a.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3388
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4696
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2232
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1120
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4480
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3852
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1864 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d768f175-65f4-42c6-8b00-da10b706dd3f} 3852 "\\.\pipe\gecko-crash-server-pipe.3852" gpu
      4⤵
      PID:3532
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e404c787-f73a-48fc-952c-8da5bddd8a14} 3852 "\\.\pipe\gecko-crash-server-pipe.3852" socket
      4⤵
      PID:3896
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2880 -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 1440 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db7e0c54-6a35-44ea-8a20-933f0eea812d} 3852 "\\.\pipe\gecko-crash-server-pipe.3852" tab
      4⤵
      PID:1312
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4184 -childID 2 -isForBrowser -prefsHandle 4180 -prefMapHandle 4172 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {122ae347-873e-447b-9058-399e774da18d} 3852 "\\.\pipe\gecko-crash-server-pipe.3852" tab
      4⤵
      PID:3700
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4860 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4832 -prefMapHandle 4732 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {acd9ce66-c19e-4541-b6cc-47f41a525d9d} 3852 "\\.\pipe\gecko-crash-server-pipe.3852" utility
      4⤵
      Checks processor information in registry
      PID:1412
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5132 -childID 3 -isForBrowser -prefsHandle 5232 -prefMapHandle 5092 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9ea2529-3b7d-4c54-abc4-d4b519b60f1b} 3852 "\\.\pipe\gecko-crash-server-pipe.3852" tab
      4⤵
      PID:4044
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -childID 4 -isForBrowser -prefsHandle 5488 -prefMapHandle 4828 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6bb2afe-cf59-42fe-b350-7ac9ed0954d3} 3852 "\\.\pipe\gecko-crash-server-pipe.3852" tab
      4⤵
      PID:4588
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5784 -childID 5 -isForBrowser -prefsHandle 5776 -prefMapHandle 5700 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4375f100-e35f-41ae-9800-6faab6a956c6} 3852 "\\.\pipe\gecko-crash-server-pipe.3852" tab
      4⤵
      PID:4956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
d865a811984a41baecddd9aa070cfd12

SHA1
baee67204aea701ff1c56c0c07e766e65938e1fc

SHA256
fd57942deb94524e7d9d42d0e4514a65947f7365fe55758619584a97c277f699

SHA512
ab124981f5f4965191a271df6804dc70d75c684f0ece1037f7231487b2b91215ee965bfcc3369057e2c019ffe9a6a0423886e72ada295bece8377b6617a13e8e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
a38a1fc85e9b95c841fff5ffaef5cf09

SHA1
515c6c00e02762d9e5d1209e1fd84525890dd0fd

SHA256
d144ab0f79e49356b3f8ea04829a719bf484655013b8dba6db16616ac3b6798a

SHA512
739bf829debe8c90cde7f46a853cf7ace770961b08b280135d40492c498406c2a85b37381e2833157e676c4e86f19a41d7d50abf10843dbc95d60f04f5ddf585

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
8KB

MD5
7621ab1b640447c91373049969af0232

SHA1
7eec47392d0da029c34015a84f79913ecea30f1b

SHA256
a5e2331cf14d3f940b14353d6e755589e084b96c0bf75bf8cb5dadfe23844265

SHA512
2c198ecc68789d55d4561b51ca5efba1cc5cf471be4beb9ee4a1648f5dd93260077032eb4ef77aa22d9f245d5ea0da1925484ca2ea7f784bb255c63011be2f3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
6KB

MD5
e72748fd26d51ad0f6da79277e6f846f

SHA1
729b53c121d635e2df6dca6479c61ad71cf8feb7

SHA256
3d0e3654acea8412dddca16279ec40328d0a25d96ab6f231dc51a065bcf0b63a

SHA512
f4c4a211c3cdd99686bc86bd7be89c95aeceb1373416895f5b94c9423fb81f01cddd7a6d6b802db381ecd509eaea70c1aae862f0b01eca1b8f689dfd565593a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0aa15728af076cc200e98d8196859839

SHA1
371fc523bb3d68c96ff498c6e29e4d714b80b24e

SHA256
2ff1dbc902097fb6ed613cee76da62ac2d9a4779ff7ae4be95197b21cc32b489

SHA512
6fb3b9b4bcc6171fee5c7f2a35b780ca998ad173aa0c48eecd6cf579b697eb0781cd41e14d1ec3c077ab85ea1ddfd30b914b31454d22b14890bb10b1351d95c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
98442bd9db75b271a9b3b9bd15211be2

SHA1
32db5ba11b8f855b850ef0c9ec3c8d59aac9874e

SHA256
f33284948ab3131d8a11f37e3cd931488796b95e0e776d8edeefff8ef80c5bf3

SHA512
c0f5d8070babdfca197fa2fe44b0751a865447cc0b37ea679a348df6224b99d5c4f63a7c07d29dcabb655a89f8f0145a8a98f2f7a14d8f7950b3975928086394

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
a534fd54d02303900da3cfd7d3f573e6

SHA1
ac89561fb70b8b876abee5b3b408e2649940c62e

SHA256
227273ef0a4755223663e0960a26bf5552469d9697b35beda92b838d7551827c

SHA512
8686e95bc7ca7930a75888dcaa2d88bedc720c26cdff6e89cfda9a1c28bcc465f5af1984621b9f4d9644aac97124f611113e3938d6dbc6d23b18cf5845ff45f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
a02dc8b0f5982003366184c54c4a80a5

SHA1
ac524bd2c2555462f3fc4a0e9ef7c5e38e09971c

SHA256
3fcce8f215186ad4ee40b90816cfad2018c6e24416303994e2ebf843bcacdef6

SHA512
d06a19f4a5ec11fd78a3e61d338daed2fda1ef9bff4f7e2536c75efbccedb6f2575889c894504d09b579aa556c97998947a1515baff31805744377690c5b7989

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
cd8eebb804e1724739b2eab07462796b

SHA1
1b954499919f30209a69cad02bd6a1d94c017d68

SHA256
232b7a9fcc27b36b0787d4710ce96c385ef9947818351e038b4d19a2844ea05c

SHA512
f4d30d4360d395dd6a5ed6e58f19038e82baa8d94acef2f70c0e07540873b01e8cfa34549375fb3c7c0c42a8021e24b176b356d0284e0e673bb091d6514878fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\524f0d8f-03e4-4b5c-9653-704065af64f9

Filesize
982B

MD5
846d85fce4f44ffb577f1b153662eec3

SHA1
03156d7f0281624375b672e49f944536705852ef

SHA256
db751978618a4238e3d33337eea7eb405d63c8ef3635c05a054d2e16e205a03f

SHA512
ed7b976b89ba7afd719657721eebd983b2adf5ad63be39dbd65dbfdcf329a6b0a9f7d2ce0a274d252a94340423168ea902e81462b7f4b08658c4031c495f9ce4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\8c2466a7-3152-49f6-ae71-c461a0e83fbf

Filesize
671B

MD5
af09db57d96534e3fd0660181afcda4d

SHA1
b868b914735c4a1673f210231781ecc719bd1399

SHA256
afab537a92170f1ecdf18aaae89a80b9d9231ae58adc07263defeb20dd3ea60c

SHA512
5c4dfd3e86c89b1fb3d8957a0f806f664569c583fd9c2fb467a053a86b678f0153a175ff303a192ebf43bf5260b772b7fe2011bed9d7a63450ebcbf70444bffa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\93e15e0b-0172-40e7-a6a9-f0d15e2c1652

Filesize
26KB

MD5
586c93cfd0c35f8f5b264129314704d1

SHA1
31be99f55d944739560c83e17d836af55316ad30

SHA256
319e540fb418ed84c1e6d43ee89b6ed5b04164d8b82e1fb43bd9751cd6bf7c38

SHA512
599065c0c23ce210eaaf4feb2937be6ff4ef3df1fb77b0094583022b8273576d5e0206ce67c1f4c325571ee5d8b39b7bbce13548b93a7735a249a4af1b7094d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
12KB

MD5
11a4fffb57c3ca5648cfee336e373a40

SHA1
7abec49c91b87aabc6c2468bf40d91a21d5e214e

SHA256
4af20b850f4b50583af0017beb4ab4352d8e4150c952b7603d465a79ba03dd96

SHA512
df9d93ce3c49228ecbbca58a2e6734eb0a5df12be9564b623fe2383c4dbef9e8fd6ebe8bfc80c828d5e060fb3cdc8abfb708c85b851a9c7888ba2a9738ac3453

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
15KB

MD5
aff3fbbf373aab4be4a2946186417e21

SHA1
5da89bce6de80a10546db404ca5b192f32345144

SHA256
b3b28c9682dafd8a246d62be4981784d5534175386c5cf4708b9ac7a1ee0960c

SHA512
1960d90301e33b0e30030ea2ca630ae25c947d9ee65a45b0773410789e7709c1171990d186178f1cd8176dbd568424234c12bc08e0aa5e0b35d1e0e1efea5fd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs.js

Filesize
10KB

MD5
a09d7d93a66be78eb30ef61948567fd0

SHA1
e4d00d2a78e9bd57dfc4d099629dba81c524ee8a

SHA256
f89e8493d29030c4623126f4e875bab23808c6077df12f606ce9291268aa0a0c

SHA512
389a37e48da7ee59e7a5e301d641ba8ce869afcb4815753afa4dbc3a6bab46454194c7daff7a31710d39a33f5531684a9a7a6ee44ab279a303f87f5f6210a789

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs.js

Filesize
10KB

MD5
60769c98d90a5a9922f14b3ef46a1afb

SHA1
3f1af042ce0214d8280bbd5e8e9e1f198767b169

SHA256
fc199d003e625d87cf9f6daaf8d1bbf313860182f1d7f125a7688b438fb9b541

SHA512
c027ad9e0ef4fd13ef4afc678703c6fe2d8ead817945ebb0e535017fe5da3e57a349e88afd30b5dc0d2288a3a903a34391acbdaad15eb4be682687be4d9934c1

Download Submit