a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 07:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
Size

901KB
MD5

cccb2d977170db1a9b1885df59fd3ac4
SHA1

207146483467d3cb021d15ce55d81a98964dd958
SHA256

a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417
SHA512

3817152b733ef0dc6b1287791c6900a9beafa690d179e7726d91b0ffe5a33d7079afe6dca936bcdf74bcd91ad6abb7dcc75985a007f3bc2dc33f1286dc99fd8e
SSDEEP

24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8aUkK:2TvC/MTQYxsWR7aUk

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
740	taskkill.exe
440	taskkill.exe
4940	taskkill.exe
2472	taskkill.exe
4516	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2472	taskkill.exe
Token: SeDebugPrivilege	4516	taskkill.exe
Token: SeDebugPrivilege	740	taskkill.exe
Token: SeDebugPrivilege	440	taskkill.exe
Token: SeDebugPrivilege	4940	taskkill.exe
Token: SeDebugPrivilege	4436	firefox.exe
Token: SeDebugPrivilege	4436	firefox.exe
Token: SeDebugPrivilege	4436	firefox.exe
Token: SeDebugPrivilege	4436	firefox.exe
Token: SeDebugPrivilege	4436	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4436	firefox.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4436	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 2472	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	82
PID 4880 wrote to memory of 2472	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	82
PID 4880 wrote to memory of 2472	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	82
PID 4880 wrote to memory of 4516	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	85
PID 4880 wrote to memory of 4516	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	85
PID 4880 wrote to memory of 4516	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	85
PID 4880 wrote to memory of 740	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	87
PID 4880 wrote to memory of 740	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	87
PID 4880 wrote to memory of 740	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	87
PID 4880 wrote to memory of 440	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	89
PID 4880 wrote to memory of 440	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	89
PID 4880 wrote to memory of 440	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	89
PID 4880 wrote to memory of 4940	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	91
PID 4880 wrote to memory of 4940	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	91
PID 4880 wrote to memory of 4940	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	91
PID 4880 wrote to memory of 4076	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	93
PID 4880 wrote to memory of 4076	4880	a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe	93
PID 4076 wrote to memory of 4436	4076	firefox.exe	94
PID 4076 wrote to memory of 4436	4076	firefox.exe	94
PID 4076 wrote to memory of 4436	4076	firefox.exe	94
PID 4076 wrote to memory of 4436	4076	firefox.exe	94
PID 4076 wrote to memory of 4436	4076	firefox.exe	94
PID 4076 wrote to memory of 4436	4076	firefox.exe	94
PID 4076 wrote to memory of 4436	4076	firefox.exe	94
PID 4076 wrote to memory of 4436	4076	firefox.exe	94
PID 4076 wrote to memory of 4436	4076	firefox.exe	94
PID 4076 wrote to memory of 4436	4076	firefox.exe	94
PID 4076 wrote to memory of 4436	4076	firefox.exe	94
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97
PID 4436 wrote to memory of 312	4436	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe
"C:\Users\Admin\AppData\Local\Temp\a2052090ac872e694407eebf43b4d13fa384ede43ec99c8e0a03edcbece5f417.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2472
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4516
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:740
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:440
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4940
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4436
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1764 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8656b329-6a68-4fc1-9ed4-3d6e92be6089} 4436 "\\.\pipe\gecko-crash-server-pipe.4436" gpu
      4⤵
      PID:312
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2456 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1e6d078-2f74-4f35-a8fb-de0b687457ed} 4436 "\\.\pipe\gecko-crash-server-pipe.4436" socket
      4⤵
      PID:2972
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3360 -childID 1 -isForBrowser -prefsHandle 3060 -prefMapHandle 3156 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42c85473-cb11-4f5f-a2f0-4aa8e9eec9c7} 4436 "\\.\pipe\gecko-crash-server-pipe.4436" tab
      4⤵
      PID:5108
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3952 -childID 2 -isForBrowser -prefsHandle 3936 -prefMapHandle 3932 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ab13190-ddeb-4842-8acb-041891c21554} 4436 "\\.\pipe\gecko-crash-server-pipe.4436" tab
      4⤵
      PID:3756
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4552 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4516 -prefMapHandle 4512 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2db9910-d5b9-434d-9f23-9cdcdbb2b426} 4436 "\\.\pipe\gecko-crash-server-pipe.4436" utility
      4⤵
      Checks processor information in registry
      PID:440
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 3 -isForBrowser -prefsHandle 4888 -prefMapHandle 3564 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {377ab28b-c618-4a28-b0ed-7901faa8c9f6} 4436 "\\.\pipe\gecko-crash-server-pipe.4436" tab
      4⤵
      PID:2868
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 4 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5eb57977-a347-4a02-a2b9-3e973a7c321a} 4436 "\\.\pipe\gecko-crash-server-pipe.4436" tab
      4⤵
      PID:2152
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5712 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f47ff6c2-c962-4801-bf64-84c245282448} 4436 "\\.\pipe\gecko-crash-server-pipe.4436" tab
      4⤵
      PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
4a10270090a6844cd554c4a85c8a8e1e

SHA1
ee69174bb8b2304e01bf2d3f37cbbd56eb194a9c

SHA256
25dda9e5a500e5e477da7e8ec0d081315e751d0929f0cc2ee57d2d20defa7c99

SHA512
227eda6aea93adcc328fb451d9cd6707736726eeca687759165985443dd7cb3b0374668f800b64d7b4d8fc7edd9149bd9e5d5490557fe4b7d4abc2fa13343586

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
dbaf7eaebba1dbd97a82124e5452fccb

SHA1
c0b0bf7cadf6348af79f76e3f1f9ac39efae2ca3

SHA256
101760ac5a22fc435393ce020b83524edc340839774aab4a303c41b7586063ee

SHA512
6cfd1f49d229aae87c0d1fa345e6cc14eb0773aad23cbfa11f9c2a79e7def7479dd04f8ef8dd0ddad16fc51b866099acee170a5d017fd9056e286d1377065c53

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
6KB

MD5
f7dfc4e10ab9cef043c5e39f0f0b3a42

SHA1
4ac827b76bbeaa70b1c662792be00f7328042c8e

SHA256
89f6d354ccea94ced6d8f79e9c5a10513501822e42a7aded859535c5e9995db0

SHA512
d52dc22f1374be8b461d256e474601d4c51e4bf9691c70b99614e82cf4eb6a9da13b899306b631fbe97f7b30c5f7215f8d2c46fb5fb6230408e298b678140625

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
10KB

MD5
06b9baa7bb3e4d1049d3a09964e8bd30

SHA1
dee2b6186cdce30cc0d986ee953ddfa671989ff0

SHA256
9c367b9d9025795b3c238c6337e81fbc8007396c9c11854b74f89fdca1a8b6dd

SHA512
ffdb93d9a05c440dc67cb264fc0103b4a937a5a6b1486e34074b24dd405e00cfcbce6f011bba1482da22843d625773d138c1cd6b5dceeb78064655421eb3d27f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
12KB

MD5
074b880b89f5316558eb4770ac9cf58a

SHA1
e6dc775a46a4f72d4ab72704bb939ca2cc1a2fbe

SHA256
ed0cdaa1aeda21137faee1d25a53cea84d1fbdcc2f9f7f6de90548a1b035d786

SHA512
db87d955502016b2a02588167aede6c692e88957338fcaad8f3a9dd0813cb888d29ade353df112a6c794c2ee5bae05edc4de210abbd608d0403e8ee2d6463166

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
853726a3d38764b5148c27653ae3e809

SHA1
a310d912fde005938f534c07e281589ca7d9eeda

SHA256
1576c35df1fb1f1164a46d5a5ca32cb9cb69c59cf55011b998e0369dff251325

SHA512
9afe54846c182db234a62867d4817cdd29fca21828c5381c06dda3a55b52ca8f7853ae62b8085fd250a9f71e3844d3b8fab7c799d21a43641e5e37f6c1a01315

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
aaaf8f3eaa47197e90881711d2aee224

SHA1
c7f46475ffa92f4dd908f966fe0afd188c4ce65c

SHA256
06f2498ec8d0aba8428aee163c38999c41aa63ef44c144ceda21d0d971934ae4

SHA512
67b2e291a6874c09fe027f54717b03572e8ef38840ef6f4469cbbbdaf92d73fdad45ffbd518830ceffd83c4278ab8942cc6af80da6e6588b419fe9310121e8ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
15818e88295fd7d5445bb3b3ed08fdf7

SHA1
82b9ad9ad7af2e537fdcefdac7579e5e75205be4

SHA256
da502495dcd8226d9f294ada238a2cab2e9745f1a93e6ccd729600273017890b

SHA512
55839ee70351331691a3caa93077eb0f5646b83b45209b3c42dedfe46bb71e198b4247928b9e36a8e4b4dfed59059a7abd2338e95c4f2efd8f31f185069b4490

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\0c6a342d-c3c6-49bf-a8d7-4cdca14d4ea9

Filesize
25KB

MD5
cc2103f7762f6672ec8bdc4d1effab3d

SHA1
c963aa3c42d7718465ece40d1385d9b3032c1996

SHA256
90c7679eb2f705a622df45b925be61c33f10251e8f01b0b48350b1564b3fe94b

SHA512
b0b0b996498ba68b2225897a7b0d3efa561138db92818930351cc5a435613a1a0a6b52df6644c763067e243ea66339c6b15d0d5d2da44f929fae0dcb8b8848c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\ba63ec05-a99f-4ee3-a703-72e0c184ca6d

Filesize
671B

MD5
415c2576135c4804ffb94270bbed3753

SHA1
d1aa8114cf83d51305506fafb35c0315cd0e28ef

SHA256
6203f96ff402f638c0cfa86ca52de056fe717c8481e16a67a413b66b89360a5a

SHA512
93d5cd621cbc235980f8ac54f19a1120a31fcf3ffbdb52ecf0a0e02a2d576c4107440fbfb934f2b4d7ac25e37604166e147e9fc1ea8546411431adfa7b2ae4c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\c5ddb9a0-ca12-4ecb-a5ab-1f6be98eafc6

Filesize
982B

MD5
8f57ca6d4e5325b47b6d28623359e0e2

SHA1
75281f02326d92287fad8f16547f97597dd5c904

SHA256
f98cc209003c8453cfd474d36d1de5a85f8b90f6f95eb8538b539bbd5dc9e946

SHA512
a34555e48780993d8bcb89ac91a9077c3ddb4bff04891a899001f0531b827944911a4bf925e4b7d7158a5f3d460b0418d59535e90961a130bf2e43abc8501c36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
11KB

MD5
1bd4790152c16aacb803843925765516

SHA1
da347e64e37bade55363ff9b6838d8cec3be8a4d

SHA256
a66f18f23246907a606e49b898140790e5f9231da48fe27b2732597df525816c

SHA512
261feb487d643113674d25be6331d6961584f92c4b483ba28307082643246fb9d3b31d612b0ea8581d2dd4f14cb807b6248f6166af0723a3c62617d5f34939c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
15KB

MD5
f769c05fa9b2e7a96b3013ef3be8e2d0

SHA1
fba134c8a49a9f5492b33fbe300dc8c1c5d8237f

SHA256
eee67072fddffda1ed25b13c3b34417a202825099951ba172f4bf75c2719ae1c

SHA512
4ae8db0479175ede5448fc7c19d903daa26d9c07afec5a59e7f08bda9be638558835e05fa757455ef5cc3a03695f85c43c587f2f0e044b221aeb691aa3e73a6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

Filesize
10KB

MD5
61f2fbf7f90e52ce617766db11941700

SHA1
ab0df6fac65b0ede03f3281514495758744d56d2

SHA256
b077945e07f395378d1b9c5958aaa86fcc8a631a66f27c6a9b73dc87c8d92a1f

SHA512
c2d8b150ee6a7e153a84f6aeab85fc4548b8c62bfd5cccad5b92b948531ebf7ace8ac6c5dc73f72358dc5c8cb0e2a77d27ac4fde7556a52e99c7d1cdd7e4a3f7

Download Submit