d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f

Analysis

max time kernel
126s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
Size

898KB
MD5

74c47425d888225482c65af3d705b57c
SHA1

66b95a9dbb538db3a49802442bb31d7ed8d2e0e8
SHA256

d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f
SHA512

1a54b2802c504aaf48583346fb0a8fe7ee605bf1bceea3e88e708ff447c62de54099893bc09655fd6575360016b83e914f4e1af0ac4ecf91db57d4a930c90a4e
SSDEEP

12288:oqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/Tp:oqDEvCTbMWu7rQYlBQcBiT6rprG8abp

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
4088	taskkill.exe
2324	taskkill.exe
3168	taskkill.exe
3776	taskkill.exe
112	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	4088	taskkill.exe
Token: SeDebugPrivilege	2324	taskkill.exe
Token: SeDebugPrivilege	3168	taskkill.exe
Token: SeDebugPrivilege	3776	taskkill.exe
Token: SeDebugPrivilege	112	taskkill.exe
Token: SeDebugPrivilege	2392	firefox.exe
Token: SeDebugPrivilege	2392	firefox.exe
Token: SeDebugPrivilege	2392	firefox.exe
Token: SeDebugPrivilege	2392	firefox.exe
Token: SeDebugPrivilege	2392	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2392	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3672 wrote to memory of 4088	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	83
PID 3672 wrote to memory of 4088	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	83
PID 3672 wrote to memory of 4088	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	83
PID 3672 wrote to memory of 2324	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	86
PID 3672 wrote to memory of 2324	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	86
PID 3672 wrote to memory of 2324	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	86
PID 3672 wrote to memory of 3168	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	88
PID 3672 wrote to memory of 3168	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	88
PID 3672 wrote to memory of 3168	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	88
PID 3672 wrote to memory of 3776	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	90
PID 3672 wrote to memory of 3776	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	90
PID 3672 wrote to memory of 3776	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	90
PID 3672 wrote to memory of 112	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	93
PID 3672 wrote to memory of 112	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	93
PID 3672 wrote to memory of 112	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	93
PID 3672 wrote to memory of 1468	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	95
PID 3672 wrote to memory of 1468	3672	d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe	95
PID 1468 wrote to memory of 2392	1468	firefox.exe	96
PID 1468 wrote to memory of 2392	1468	firefox.exe	96
PID 1468 wrote to memory of 2392	1468	firefox.exe	96
PID 1468 wrote to memory of 2392	1468	firefox.exe	96
PID 1468 wrote to memory of 2392	1468	firefox.exe	96
PID 1468 wrote to memory of 2392	1468	firefox.exe	96
PID 1468 wrote to memory of 2392	1468	firefox.exe	96
PID 1468 wrote to memory of 2392	1468	firefox.exe	96
PID 1468 wrote to memory of 2392	1468	firefox.exe	96
PID 1468 wrote to memory of 2392	1468	firefox.exe	96
PID 1468 wrote to memory of 2392	1468	firefox.exe	96
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97
PID 2392 wrote to memory of 1852	2392	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe
"C:\Users\Admin\AppData\Local\Temp\d0465839a98a088260a61aad2fffad83b2f587c70131ff02f31e96b41a52df7f.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4088
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2324
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3168
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3776
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:112
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b83e4ce-82cb-4d77-8755-0c47a4a99d02} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" gpu
      4⤵
      PID:1852
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a547f900-732c-40ac-9186-0ac87927d7aa} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" socket
      4⤵
      PID:3436
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3308 -childID 1 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b07c17bf-c72f-4a74-8fb1-ffbbcf744c84} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" tab
      4⤵
      PID:2348
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3680 -childID 2 -isForBrowser -prefsHandle 3672 -prefMapHandle 3668 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d425f05c-c47f-4bfb-862f-d59d360ce4ff} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" tab
      4⤵
      PID:1520
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4580 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4572 -prefMapHandle 4536 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {814a0fab-714c-48d2-be02-8247902db937} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" utility
      4⤵
      Checks processor information in registry
      PID:2568
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 3 -isForBrowser -prefsHandle 5276 -prefMapHandle 5644 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08d21baf-da1e-42c5-8c9a-a502398b3249} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" tab
      4⤵
      PID:4688
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5820 -childID 4 -isForBrowser -prefsHandle 5652 -prefMapHandle 5416 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f097ead-e9a5-4b0e-89a0-18cf676501bc} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" tab
      4⤵
      PID:1020
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5804 -childID 5 -isForBrowser -prefsHandle 5952 -prefMapHandle 5956 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff6c0253-ba0e-41af-ab7d-8688c086b544} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" tab
      4⤵
      PID:3772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
9ed6bdd1d6d7d6c333cd47e3791e9977

SHA1
ccd94e75f9c7ce349215b219b7144605e6815902

SHA256
c2ac315dd7f1ecf9e3925351bcc8556599d36568a2634c66310d26686b5cfa03

SHA512
d95c5f8b052dcd420859a7ea3ba9ef3c4c4a0583e178a97623ed28c297ee63597b1e349eda57ab2ff9e4f01598dd7f6fd0529d69c33107a3560afdfa49a1ae43

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
ac976ad266a847387a20ba0e24c7b7e1

SHA1
290b7311d376e50fedbca926a170f926ad3f8272

SHA256
1d18b3ea99b90c7c17fcdf5b15e8a7f41a235d615535658f8bad15f2ce215c27

SHA512
d77e4b756a19aa250be8629c96c3b84736dc3e24de2db238f37c3141820bbaf29af19bad8d4f4e5a5f4df67c9fe392d8ee00cf2bc3e552dd5fc393b9bd47e36c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
6KB

MD5
1c730e4a710bb510299428f8fef03416

SHA1
040c8c4577354b529873a277b76609bc17bf0362

SHA256
a2c5034d5c81f845e47a741e5ea84a03ebe66d89712fedc0950803138a055dd6

SHA512
526079b51a42e667f9159b820d77efe28cc4b21243265fef7d639a163bf4b33471ced848030633d94d419d290759ae83b7c24ed913c489337d75b4701de39f0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
8KB

MD5
8eda75f637deefccaaedf9d68e626888

SHA1
c37ed188deffc2f9d28e17b08624eec54965f2b5

SHA256
dc3e8daaa2908af5eb61d5cee83c900e343eb11838fd65859cdd4efb989fcc44

SHA512
fc9948c2d1fd55dce594094eb6d880e26372a166598132d95d314a13d6d90f16fa25bc371842bbe268d1f541ce941defc892087a4c62c1e16b64c695a1a5c3ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
12KB

MD5
82f6ebdd7487c6db48c0071600ec6750

SHA1
8128add2000f6d03e26aec11e9e94ecec4d80721

SHA256
c82e54ae5f3e85e8ba3e46133b327554118336f64be9bd4239dec49afee90775

SHA512
cbb00791577672640826eb26da8374f75d5e1f8825ad02941b17a163a5f94fa043e24432c3c389ad57e2dafb5fa397e5d9c5b79218b2f665a3e2acff55c8f395

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
53f29124775fac7b8ecae9cbfa5ebba3

SHA1
f15cacf649b7c1116653ad48e87bb385710d2d6e

SHA256
e5afcdd07f1dea7564722096ac2c8e74204192e9ab0308e12b3680d110532074

SHA512
73d87a8f41b887042824aeac8aa7a4eb1047150a2d7806a060e416a9024bb18e0ecdc2beb432374951ed249470290d2514fdef5ce40f9662541529dacc01f660

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
fef0b1357413b55dac6636aba4fa7b12

SHA1
c6c1e84e757e7a80cc7b33a9f290b0831d7e36ae

SHA256
7b7cff7d2eb16ca4dc5ce1fb04ca49dae8811efcb485b1c85120401ee95113b9

SHA512
0776edaf93c80d584c260564bbc2d908c91ce53b572f7b54c5bf82adbd31a74c1d321cc682967847c99d6fb7a65c318fff57461faca42bc6e55274a91292f986

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
483a24e19627942c4c06f3e0f4f43705

SHA1
be7ae4d7b92b956d1c3f9ef5f006d1dac74cfbb7

SHA256
502243a155d4ae9d744b3f314a6536f406155c3f30fc716804cefd10f37e84be

SHA512
6a7bf0ddad0e28aa5927df752cf7a3b4f1f1b64811f60f3d0429cb1a042e97b8b811e91f46b1dcb969aad62e0f390500f6f433a553df9fea7c603a853b949797

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
4a16a66e0a083b49f3149173ec1ec0d2

SHA1
e6905859604a3bbc94cf9d8134db7de2ffe3cbb3

SHA256
b92c141dbaf34746d3f5c2b2a576e00d4fdb963455e3decff84ebace5e4c1164

SHA512
b401b749119ee7e7f40613b06a6a80ace0f5ff1df05981b3f98e8b26579b40d0f72e3dd3414fd0bd03decff77e1d88663818c7b4112dc42796d03a3abb521aef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\3fae3a7f-1fee-4737-9c68-223795eaa7a1

Filesize
27KB

MD5
c180cfb12d057b27ad281a4690e07b32

SHA1
bda1fdb18af4a7185814e20d91e9e296423662ae

SHA256
b38099ce2cb386d2cb92f3737406ad524fdf01489cc2b1f61a853652d3473cf4

SHA512
c8e13027b3af1ac0a8f0dc33573286f45c28209a6d262796c99d56567dc2dd06ef8df5a06b3c2195a67855c6688873c5ca20db3f3b4aeee352e881fe3a613126

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\3fffa798-4388-4f3c-aff0-b5380c15e148

Filesize
671B

MD5
583bc99b8c836448fd3df2513efe36b0

SHA1
2c2cb8502e0d6b8d97e0ee3f81101a8ff68fa3f1

SHA256
6754536ea48778386bbf1ed2c859a4db45656766f9c8cf92d214a36a96ea799d

SHA512
73eeb34e264ded72ef77e1ab6f29ab674a284d844b1e8bf259c95a8e84daedabb9a2c3ca33833ac6454b1212c94a7fc3102e18ca0f8f73b337b7f5e21afca7ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\ab45d25a-fd2b-432a-9ccc-7c24cfefc8b6

Filesize
982B

MD5
fa6596d0ecb7a3972cc37958bcdab504

SHA1
d3f311e43fc1f00edb6b1722506a99d309d114cc

SHA256
4b685e3c5dd8ef21754a0823183e0d6755582762af4e94b30f9e2fe7df8984f2

SHA512
94807f3ca942bfc7bec8ae49453c402a9de15a331395da270359330c0d529c25d9a16de6e97979b65c0e03b99cdb41f3cfda37ec4b4705d8a349f0f385a4de80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

Filesize
15KB

MD5
fe95ad3cac0b9cde7def440fc512fd43

SHA1
d1224ea9cf9d1f03e290af7648efa639013f0487

SHA256
62623e603d54f05b5edb1db5ff5043c9ce50b1577f2742923e1051e5ba852614

SHA512
58e7693432a8b1a22224dbecbc3cd588fe911f1f9a31ade1ebd4a7b8cbc159dc262dcaa7d61946d37045c7bf764edd59581fbd3c97361d2933175036762daab9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs.js

Filesize
10KB

MD5
3dca8b2a25075d8e289854aeff09fd4a

SHA1
92294fef8c4c2e9fd219e6ac692e64a0cc989786

SHA256
94e368b4f0167fed7e45e5693881eb0ecf32dc246918433680d8a750577e3b55

SHA512
b7cac4dc09e65867986cfb43c62aef93b008b10497c5a9731f32d7deacee17a37fa9a7bbbec6795963906893d64ec5c73b48fab3eb3aecfd42f77a8c2764faec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs.js

Filesize
10KB

MD5
1d21f2ba5d6790aa873bfb7c4fc3081a

SHA1
f8e40886774a26d147699228b94b7b0dc160bade

SHA256
47d64add58c149bc34c3ed1d7959a07ec42ea78ed280a68349dc12652fe6807d

SHA512
04419170833abc370296babff82380419849c8c8007ab8b1feef5d909e5c5c541ae96954b5ac2447aad44fb654c41ddf6e357fbe69af9d7459db31c3ea1460d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs.js

Filesize
10KB

MD5
c5e9baa56c1e8eaa0aa0a1cbd969ff67

SHA1
4fae00e97e78435e59b4fe0431548fac7f07a9a7

SHA256
a6a5692c84f3b73f55e448768a8fb3df4deb72cce565aba8f7bbd63101a5f5de

SHA512
8513100a75cd15e81f51aedb067e6cf496594d81ddcb657f47d872f7b5dafb5f52d4466d753552ad69241662c15589fcff2e11237a1cf6f79cb60117d8ca1f12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs.js

Filesize
11KB

MD5
c31f3b3f180dae12e70a45b1a2372225

SHA1
f52ae99c9932c9351f243f015c94ffcf6d9b809e

SHA256
95f9dd8e2fdab148d0c8aaf4003172faf2d34299687e6f84aac75018ac6a882b

SHA512
c53a6e1a3604dfb1be2881d51af0e0f7ad27f36dcd80d680848fb4b1e48f122ffda62f9b2bfe713420a4f9d4b9160ea5a62ad36937a84ceb6bbb16b650b09f86

Download Submit