b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127

Analysis

max time kernel
33s
max time network
45s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 09:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
Size

900KB
MD5

9e9aac3c17da1438dd0ef6153530fbff
SHA1

c5d191ac45dc43ce2a71407897098240f172f3ca
SHA256

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127
SHA512

251666aa4c05468ccc6f6f0eec34a986c56b1c26d768c49019a6100a7c6c8fab70409acebd6d412daf689a619b234b103c4ab16a77760c0426dad3c549e51bd7
SSDEEP

24576:SqDEvCTbMWu7rQYlBQcBiT6rprG8aU1o:STvC/MTQYxsWR7aU1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Kills process with taskkill 5 IoCs

evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid	Process
1792	taskkill.exe
4544	taskkill.exe
2296	taskkill.exe
4588	taskkill.exe
856	taskkill.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe

pid	Process
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exefirefox.exe

description	pid	Process
Token: SeDebugPrivilege	4544	taskkill.exe
Token: SeDebugPrivilege	2296	taskkill.exe
Token: SeDebugPrivilege	4588	taskkill.exe
Token: SeDebugPrivilege	856	taskkill.exe
Token: SeDebugPrivilege	1792	taskkill.exe
Token: SeDebugPrivilege	560	firefox.exe
Token: SeDebugPrivilege	560	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exefirefox.exe

pid	Process
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe

Suspicious use of SendNotifyMessage 30 IoCs

Processes:

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exefirefox.exe

pid	Process
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid	Process
560	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exefirefox.exefirefox.exe

description	pid	Process	procid_target
PID 4100 wrote to memory of 4544	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	83
PID 4100 wrote to memory of 4544	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	83
PID 4100 wrote to memory of 4544	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	83
PID 4100 wrote to memory of 2296	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	86
PID 4100 wrote to memory of 2296	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	86
PID 4100 wrote to memory of 2296	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	86
PID 4100 wrote to memory of 4588	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	88
PID 4100 wrote to memory of 4588	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	88
PID 4100 wrote to memory of 4588	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	88
PID 4100 wrote to memory of 856	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	91
PID 4100 wrote to memory of 856	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	91
PID 4100 wrote to memory of 856	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	91
PID 4100 wrote to memory of 1792	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	93
PID 4100 wrote to memory of 1792	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	93
PID 4100 wrote to memory of 1792	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	93
PID 4100 wrote to memory of 2540	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	95
PID 4100 wrote to memory of 2540	4100	b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe	95
PID 2540 wrote to memory of 560	2540	firefox.exe	96
PID 2540 wrote to memory of 560	2540	firefox.exe	96
PID 2540 wrote to memory of 560	2540	firefox.exe	96
PID 2540 wrote to memory of 560	2540	firefox.exe	96
PID 2540 wrote to memory of 560	2540	firefox.exe	96
PID 2540 wrote to memory of 560	2540	firefox.exe	96
PID 2540 wrote to memory of 560	2540	firefox.exe	96
PID 2540 wrote to memory of 560	2540	firefox.exe	96
PID 2540 wrote to memory of 560	2540	firefox.exe	96
PID 2540 wrote to memory of 560	2540	firefox.exe	96
PID 2540 wrote to memory of 560	2540	firefox.exe	96
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97
PID 560 wrote to memory of 928	560	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe
"C:\Users\Admin\AppData\Local\Temp\b63a418624a2b06d230c0e4878355932cea624f7b0112d7476d22abd06c1c127.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4100
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4544
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2296
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4588
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:856
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1792
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:560
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bafa64fe-3497-4537-b80f-1db6ea012e78} 560 "\\.\pipe\gecko-crash-server-pipe.560" gpu
      4⤵
      PID:928
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {779e838a-fbdd-42d8-b603-e99bc8b9337d} 560 "\\.\pipe\gecko-crash-server-pipe.560" socket
      4⤵
      PID:4828
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2588 -childID 1 -isForBrowser -prefsHandle 964 -prefMapHandle 3040 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f175c231-64e3-4e5c-9a84-99ccf0f9545a} 560 "\\.\pipe\gecko-crash-server-pipe.560" tab
      4⤵
      PID:4432
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4064 -childID 2 -isForBrowser -prefsHandle 4056 -prefMapHandle 4052 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c18b4189-dd9d-4a1d-b578-227420bd4e20} 560 "\\.\pipe\gecko-crash-server-pipe.560" tab
      4⤵
      PID:1056
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3924 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4904 -prefMapHandle 4888 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83fe1c4f-2302-4a75-ac94-cac6a34d0bf7} 560 "\\.\pipe\gecko-crash-server-pipe.560" utility
      4⤵
      Checks processor information in registry
      PID:4856
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5108 -childID 3 -isForBrowser -prefsHandle 5176 -prefMapHandle 5168 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de41cf05-cb5f-4363-b9b4-7e7298239846} 560 "\\.\pipe\gecko-crash-server-pipe.560" tab
      4⤵
      PID:4868
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 4 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ee90c1d-8b18-4eda-8b0e-54ff88ff1b3d} 560 "\\.\pipe\gecko-crash-server-pipe.560" tab
      4⤵
      PID:4504
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5608 -childID 5 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afe3de02-75a9-4ecd-a01e-e7680d63b8fe} 560 "\\.\pipe\gecko-crash-server-pipe.560" tab
      4⤵
      PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
95ff55cc2352d8f5865fa223fad7baa9

SHA1
d4010ff2f1a3a99c7e1df5df43f94430b5eaff67

SHA256
da8fa50d790c8b92dc90cf5245e0d579bbfb1cf8f2b7ada083f2ea0d392e8dbd

SHA512
5552a506751cd8e03af2f763c33ef686bbdecfb3d77f1f93b45ed0fe3916bee279fcc2f4b172780d83dc7cdeba217f88e841e244bd42884be1935b66f9ea4d77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
5ab2cd54cb1cb247f788849f4116be76

SHA1
f35394734b6d8e1b2a0ed98f12504ada8df1059d

SHA256
ada532b6beec9bbfc0333e18c3a6bf22b90efb96f7afae627d6a1228ab1040be

SHA512
bed56043ac1073366eb9f7ad321c545dfeaebe898ffe7de01ff68a59b96f2a2b01b75f102877b6c3a422fb3c884067492091fb6b6eb1b3d737b16efcc1b75072

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
6.6MB

MD5
de4792a44b5e18b9b98ddad16fe9bb0f

SHA1
06b84d4dc343d27804e522cbf725228a338c77c3

SHA256
edd5a0631810c0e7ed25aa063d5f94b8c8c9c7c86285c57f0ba65aeba41b3980

SHA512
345de31aa533d22955c10139d335b9418258a2c5024fdd44eb7d0012d5b5372e551ca7ab14579ac8e5f9481d13f00446e3f169f13d11d04ba35d1ba27a7c7bb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
7KB

MD5
d97d44df4fb20d66f13c933e3b95aa5c

SHA1
ea74d4a38a824e786de53c3fc832ede3e1ac45a7

SHA256
37927e53d07e10873e322a0c657e2ac933d0b061ef477b630a3a6dd1317c5670

SHA512
a6622e99599b1be403e71178b067d933afacaeb2d3ae7b4d0f9277a69f99618e75422a7a1e396e4c4782b88dcfeb80dd2f9cf1fe80329ae4d0a95fc25565c7c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
12KB

MD5
6873c822bcdd16a4e30ba0f3f2d2f92c

SHA1
6f3f79beec6cebfab6cd025a5f9b4fc53455908c

SHA256
32b4d73aa9d420712f7f40d05d2d36c6bc761b9931573cbc2d9d0f7be78aa820

SHA512
37daa582351986028851ff1396a2db72d972a88ca3d854b65b937a602d24b5282a7e0a6ff03a40ff007906b9ac970650639604c87b2e4a41fdd2697cf06ffc46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c71939459a8085a0ca8105d714fc4446

SHA1
214a6bd3c5bd4f4ee88349462a2ab3c90098c0bb

SHA256
4efa869952d85bd00eddaeb7e29ab440218d5b9b023301d510c8d0d075487de1

SHA512
1ea36760bf77c530a285d5ce329b83c32a3bf5528072bd6a612e0c12145b8528f3744669823326711806699addb63ffe4af06301b91850e0552e335ab4458881

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c88567928c61326bcc195c9caa209266

SHA1
3b4750ed8ae5fa1fa938a83d9c5fba28e5b0daed

SHA256
95a859200983aceb0f833f117377962c6a635ffcf75545c8e85d8b0ddee20543

SHA512
1a594b195cec9e7734cf69ced563da34ace4d91cc361532bc96ff0e58bc45a5da3e3e2a876669087fc588393fd750083de68fd388ea43194e57c10ec7eb68b4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c05904ed75512edfd4b3f3125431ca7b

SHA1
39517f45a75d8f2758c961d73e371a0a780d6be7

SHA256
6827007772293c028875815fb5b6d948caf67d950c232c2cca0c5b2596c7dba9

SHA512
42f3f5ca869e0220083225c55e58c601b1a474d3bd6fc6518eb0c8e3308f031e2da07205ac5186d50fd7c3c069462723aaa6df206d64680479c5db11ac75597e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
ca49d55d35fe3527fad96555a14e8771

SHA1
d0538513a6d604ffdd234136af3c595b96b3f21d

SHA256
b89be1dde8f66694761f1fd270a690d330bd4dd3e64e3f11a79ca6fb80944822

SHA512
b9202c8dd909fc3e194748bf0c119d51374040d13ca3c425d2d38d3e3ec27e20699014909b2e5bcd84ec5f7c761b8034fb8d4f4c84fc32f5af19acb363301784

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
51a263a3e3b1e329ec6efeee5f792ad6

SHA1
ababce70881cca077092513e54a59989b6382a6d

SHA256
55150cd29f414c8af74cbee625d6708e4ffdba1d5478c6609866e5ebdecb4c98

SHA512
5f95aa561580b5fc34e2b192aa9fdbe7f787ea313787df53838110ede096f98b81d8b3eb6630311aeece9c05f2b9754600dc73f7decf4a23a542e3a379e66123

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\03063dc3-8d25-403e-ac43-7014a6f28741

Filesize
24KB

MD5
446033108c6241bd2ab41b129f107bbd

SHA1
a80bf11d271526dddb12168ebeee957c031b52b7

SHA256
ce2ce7377b5d9d4690e2a8eacc962c7d1cb2c3eff90f78fcf7c6bcae88660be3

SHA512
7c22da9353cf534ae098d4ab12b86c5841ac252784b2677a4f25c29fc86a64dd76363d14527715cd30e32c4629c22fcce86f3d16d5a250c18e069dd59a1fc31f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\8f8a6b56-5547-4df7-a60d-53bba18e2d53

Filesize
982B

MD5
508256c739bfa823df24b20958c6bcb2

SHA1
e40d03b7e5a9bd337c167a0a62b74f7224211d0e

SHA256
4e585eeb974c949ef1808114f06a75ff1595d73402955131d44a418c3ae90c3c

SHA512
992c22ff769308278e2d019bddfbdbbb8ce831750aecf3379f7b2625a71af315d9e1cab79a4160b505f5b1f81e1f2876861702b01bdf49341291e6ead41eb642

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\a3e77805-3eaa-4c6e-8a10-100f71e5a151

Filesize
671B

MD5
fd3df3084aea245491b1a8268cf9ae97

SHA1
8db72abb93b278213899471df4d91be2bf586015

SHA256
8abc8369875a7e53025161577d9f175599b7fa2209e9f431b674b900c9a5c40c

SHA512
61b29d2a3ee80790b60e7bdef33528aee3b6020d7facead2f0778618bfdca58ffe6f21e371869689097a4ae5e844b088a409de19c5c241e7b5eb63ec676b25b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
6.6MB

MD5
0dbb401b1dc38265404879d251dab30b

SHA1
a6b1fe26a7f6e49852bdf6de05d6cef469d02e52

SHA256
d662452ab552ec50d30fd2941b36e4eee017ce9fad32617957f8549d442f4b4b

SHA512
347c6e6c5b8d9ea5e0466ff83e3afafb48b7b02213fac74ce0065e6f0f6d5c9ccd719810891033b38a78f78445160f0039134d8eb9654bcdff57e0703b939ee3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
11KB

MD5
544e29784c75a5f4a1f3280d6d0aa0be

SHA1
34e7cbed2d566e89666e03081b3f1b2dcfbb2052

SHA256
9988560e5c57ef7cd751dc59a118a1bb5bda70d8d2c3d2abc4c78a4f0dfffa3b

SHA512
5458d1564dfb72cb1c168ed9c4693f12e32b3f1bdf7e2e4a6aefd2680566ef750db190f7311d2730379ee897d4a2888e378213e1eafc236bd97adb91589eaf86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
15KB

MD5
278674c7150ec7c5a263cf93698c0051

SHA1
7883772e9b53f46c1db8cbfa52d1d4fc7ee9cab9

SHA256
bdacbb8950903e844c6c1f8b9f0849bd615fe3e2567a03fa77ac16c57b8ecc1e

SHA512
03184cded544d24f2c9200b9e5ab19bde7f4b229f674e84f4a14fe77016fafddfe3c17044a123d74723a9fc38cb646350e192346eb4b53ffb904d5b7728d219e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
11KB

MD5
074ea2ae6316085c84df2f2681e81199

SHA1
85db8a2b71ec0d935af00ec24edbe6f474f9709c

SHA256
fe12402996bac93a13f82e2ed0f073ba219c94f8729dd73570dc80b5b870e92b

SHA512
76dbb80f8791e3ec9c0a21892cf29259c6341bd193964cff30cb238ed887647e41c0a1f0d4f642c2658d64e4c491fb552d558cc77d9f84225abdf4e479430252

Download Submit