1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38

Analysis

max time kernel
30s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
Size

898KB
MD5

ef36a9d0a39819f32e344f22f0746260
SHA1

34174c34da0b36c94c3ee7413d22b35dad4fdfb3
SHA256

1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38
SHA512

2a44dbf7d61a74aa05150d70ce9e035f819a78f31ed95f65fa1dfeba6391e671fb401cf87ea36ab5d68f3acdf743f85f0be00a7655ed6dcd84d694d902e1903e
SSDEEP

12288:QqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/Ts:QqDEvCTbMWu7rQYlBQcBiT6rprG8abs

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
3580	taskkill.exe
1428	taskkill.exe
1852	taskkill.exe
2144	taskkill.exe
544	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	3580	taskkill.exe
Token: SeDebugPrivilege	1428	taskkill.exe
Token: SeDebugPrivilege	1852	taskkill.exe
Token: SeDebugPrivilege	2144	taskkill.exe
Token: SeDebugPrivilege	544	taskkill.exe
Token: SeDebugPrivilege	3472	firefox.exe
Token: SeDebugPrivilege	3472	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3472	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 3580	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	83
PID 1096 wrote to memory of 3580	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	83
PID 1096 wrote to memory of 3580	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	83
PID 1096 wrote to memory of 1428	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	88
PID 1096 wrote to memory of 1428	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	88
PID 1096 wrote to memory of 1428	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	88
PID 1096 wrote to memory of 1852	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	90
PID 1096 wrote to memory of 1852	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	90
PID 1096 wrote to memory of 1852	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	90
PID 1096 wrote to memory of 2144	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	92
PID 1096 wrote to memory of 2144	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	92
PID 1096 wrote to memory of 2144	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	92
PID 1096 wrote to memory of 544	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	94
PID 1096 wrote to memory of 544	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	94
PID 1096 wrote to memory of 544	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	94
PID 1096 wrote to memory of 3896	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	97
PID 1096 wrote to memory of 3896	1096	1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe	97
PID 3896 wrote to memory of 3472	3896	firefox.exe	98
PID 3896 wrote to memory of 3472	3896	firefox.exe	98
PID 3896 wrote to memory of 3472	3896	firefox.exe	98
PID 3896 wrote to memory of 3472	3896	firefox.exe	98
PID 3896 wrote to memory of 3472	3896	firefox.exe	98
PID 3896 wrote to memory of 3472	3896	firefox.exe	98
PID 3896 wrote to memory of 3472	3896	firefox.exe	98
PID 3896 wrote to memory of 3472	3896	firefox.exe	98
PID 3896 wrote to memory of 3472	3896	firefox.exe	98
PID 3896 wrote to memory of 3472	3896	firefox.exe	98
PID 3896 wrote to memory of 3472	3896	firefox.exe	98
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99
PID 3472 wrote to memory of 1924	3472	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe
"C:\Users\Admin\AppData\Local\Temp\1262293fd0af1f9be05b95340094f790595c288e06ede5ad80b232366d95bc38.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3580
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1428
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1852
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2144
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:544
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3472
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c00c5ef7-26ac-4ae4-9106-7b4d42bd47b9} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" gpu
      4⤵
      PID:1924
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdae7204-d06a-44f7-8953-65d224497fa9} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" socket
      4⤵
      PID:2072
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3036 -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3024 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e633856-70e7-4491-baac-3ff314afad7d} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" tab
      4⤵
      PID:2288
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3620 -childID 2 -isForBrowser -prefsHandle 3692 -prefMapHandle 3688 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70c2c33a-f6b1-4a16-847d-bfb367f8dd1d} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" tab
      4⤵
      PID:1132
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4776 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4740 -prefMapHandle 4712 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47491aad-7fe6-44c5-acf6-5dcff198b8b0} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" utility
      4⤵
      Checks processor information in registry
      PID:3220
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 3 -isForBrowser -prefsHandle 5532 -prefMapHandle 5544 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10435356-b985-4f46-8c88-1fff560dd9d3} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" tab
      4⤵
      PID:1792
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 4 -isForBrowser -prefsHandle 5156 -prefMapHandle 5480 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {595af17d-f2d6-4de4-91be-496f7b79c6bc} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" tab
      4⤵
      PID:1852
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5852 -childID 5 -isForBrowser -prefsHandle 5896 -prefMapHandle 5904 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9fcaa77-0c7c-498d-a602-15f0cfa5b42f} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" tab
      4⤵
      PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
a9fc0bf561bd5aee09667f4750368059

SHA1
7912ece52812f6ee607c8dc2a500f156e1190db2

SHA256
97834db846a65ea4929b59cffa8f04a12e0ce20377b9bec60c23c5c9fa67a558

SHA512
74bc57beb974fc4137290fbd9df22f7ba86161cf0afffb4541a44f4ebfc0500c3a48783e24405d733026ae3dd3eaa85e967d3205386a71f24d0d175d13804036

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
7ecb966d1aed58c7b5cfb8467792bedc

SHA1
204d4f5f6b5b54346517bd21b49975b7eb6f35db

SHA256
f25885af39fc6d57efa42cf59b7a7e8a3ca8bb07b9dc956a7721c0508fa81d1f

SHA512
b00fa4b564596a04051caee7911d979f516e42751e403f7973a1a41aa26a2158874e02b3352b4fe99ffb592775bb971be6c0e668941e87ae175f5d0ff8ddae22

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
4.6MB

MD5
e7a6873f622907909b78f379e477ce3d

SHA1
e864a0de7f306e84082fcbeffdb51aca761f4006

SHA256
9747d77e00267aa6556ae363200aebc5d1f1d5a7077095f47c3cf7b7f9efc122

SHA512
d96bedb40e98ef4d9a0d94548c9291fb98cd2973cca7afa3473e06d6bdd74964066b954425b8a551950bb1eb3cdf5f57995c9ed0111e003abdf80ac910acbb69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

Filesize
6KB

MD5
a4c5d36c4a55a845e11d31e4d163aaec

SHA1
bc054782d1d6c0f3293533c4d075471185c936c0

SHA256
ffeab6f770f6d4f37508bd305d029ad96118cf60c5a1d44e80ea595600077ae6

SHA512
68f7194e72f178a5e97c664832bacacc8b42a27e644676e1a96e66976afb6db16bcd5a2ccd352f07b037811b88c9be7ca41179125d2cafbc358576f0638c4e3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

Filesize
8KB

MD5
c4c29d6fe8ebb54aa0fc193cc3e828f8

SHA1
617cfa553a783fd83ea2954d988bce2f3afdc0e8

SHA256
8b412f73797378b4532e56f415bd98ad85da702a6f10539200281d36f2a4dd75

SHA512
61694b4acf4e8499181dc0113d995f7b23670ffdd907326e09995c11acf9635d5c57b64b4e284c77b7db36cd7c763b13dd8987a477cdd4fd3643b9161d305eb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e2e0a9479ccf1768e8bf6f4f0b73d964

SHA1
daebeef06635c4cc02b2ac08bdb5f3658488067c

SHA256
db8c13223fed0ee525f18e816f3c769679257e5d81f1a687ca26aca4600b3e94

SHA512
8401e6c4b817e09cde65f52a8d10291bd71d1a38ee19dea5a34b8df2059678ae9df939c8145e5a6a83bbaca7af5ab18bdac46b0993912b3ca5c718893d2494e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
ad1e91d65e0f7820a21ddca5ec92f716

SHA1
53839c2032fca2a98bb98b1b5a166035beb7dce9

SHA256
e65b83bdf4888a880bc13de1b99f6b3338fe94a6876967359893470e43b53f79

SHA512
73518c0783607ac5a4bc6ecf02577261f2bb71e3d5e9573bca5d747b0976ec0fa01bab83acd239c69a7eb78c9540defc4d47ce6b74b820632b71fdc03f73d704

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
e0e79d6f8775caa25764edb7c005f53b

SHA1
45f740e6124ed36c666382eda8340d151f7d824c

SHA256
cac4a93e0eab3ef37e4d1d3c1d0b37ee3e50a7e6e77d2fa864814e3bac97f1dd

SHA512
b386cf280468b05e6cec178333a7beedec736755f1538cacab949c23250ab48b09a3bef6f97a339c087bab64827c616650c08e6c3b50acf8fb0b5463cddb31db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
148dc3b4f423ac202841674188d61c8a

SHA1
cb904c28165b05854439c2798947417d19b18b0b

SHA256
92a4e2ddbd48bb3419386c6cf5209d2e96b8135795009ed0c3b7dff895f42096

SHA512
a201f9759e9d2254da59475c6a574e6055800258a44f5c69a80e119c233457ea8dd535fd1822565efef2a25973f221a02dcb1155b150a932ba53fbef70aec444

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\7e549346-ca41-47ad-b955-d6458eff0af1

Filesize
982B

MD5
02e7eee80d294489af7ca03e46595507

SHA1
a743abbb0291314a093fdd935c4c58ee66508411

SHA256
37503781457faee6a71176f403358c40f80c47989a2910942dd9f128a6bdc400

SHA512
7e9873c6ae72aef8119cbe596b53f0d4f1f33dd823b7c6efcbedb4ad1c11b0dc97bc26952b2c7502e8b94b33259b565e6c826bf9dda9f54a9d1f26904ee24db8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\89736de6-9259-4202-bcf2-cff9a0ff5a8c

Filesize
671B

MD5
9cdf11181d3cf3478d95c2cabf9d0f59

SHA1
44053e0ca8040e7bf271bae307fef8c39ed1d34a

SHA256
db4ddae4e690e84c83a6133b69fdde058f2d854144e7dadf0049e628eea342b0

SHA512
b6d49c62249cf209a0e1911d3597ee2eb4e511d34701ee0e44d51fd8ae3cc61477eb1340728712f53f50860e9f5e428435f46cd949b591e2c2394602991774cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\f9ff1990-8f99-4f88-9489-07d123710bb5

Filesize
25KB

MD5
c672f3521e4bbdde249a41c91da43e0c

SHA1
f559495497171baa301b6ab7672bc3726d6c50fb

SHA256
36346f74ff5431f1f496def5f02c195849d43f3d7b95a15a0261439307c1f124

SHA512
19ba67b0245c84588f45ec3e27bbcd7ce93edab1ddb7df9e75f8d60bf22654c2fcf6e85872be188453522bb2a3d349873ec8246225d9fd4e28d1a58a0d64bfc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
6.6MB

MD5
9db1d552322d900f7c8a4dfe8d502e3b

SHA1
445873d71e99a07ba8ee0cbe33f324cd25032d0b

SHA256
01ca3487449af5ec63f6159cb469ca7d316029474e0312898f3d199d5fc6cf91

SHA512
d412a674a9eeac9144e0ed13078a52a9b6c5511cf6d59f328216186650546fb7ccce6c53748308a5c829c11a3b9bc236a4d9c1dafe271b255ba9726f3d4dccce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
11KB

MD5
eaaac92708e34617423ff74e1c88bff5

SHA1
5a326494f8745980fc10b7c8fd4a80b2b773c566

SHA256
eebab8c8346d972d0064c734eee464d90a33ae881fb208e560c7a4d607b90407

SHA512
db12861e00fcd181af6f3dd5122b6cc8fa296274db9c754f21d0c6212d9412e01f8d07893eb47fbf57b7b346b16941a0d01cf0c0524c7bf2435ee0c5759077bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
15KB

MD5
b4f8763fee74cb43e8c18fd976d9e47c

SHA1
7355e0ab7035dc207c53039e07ad906dfa698abb

SHA256
355e85bba843727e378d40d4785f2fd1c52ee960ad4669540cbcf45c9ab2c0a3

SHA512
273f07db061ece172cc21322ef720fd4ce556c4f741fa01a9ebae857a2fdb52852d4ff328770dbeb5b71c5ef64ec2a78eef9e85b79f57ee28eb124956cdb5f12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

Filesize
11KB

MD5
facde8c48fdb7a66c6cde0850ac71cc3

SHA1
4a4824ed2ac9ac27f298c216f6be8fc49c912905

SHA256
9753061e771ba8d87fe35eb24eb69f565063153b458c439589925e62efa72921

SHA512
01e6afe103cfe4932e5bf28b4030eaa706d78220ad1a10a6dfaa805f3ed1f5dc3d5661bb33e0a4965497c726eacd3b0dff477dacf960641604b6d35c548c5937

Download Submit