3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
Size

898KB
MD5

de264ba7680e76241175c16744682089
SHA1

261ce9a5e94e01dd6b9b8b00112b95926317e2f7
SHA256

3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8
SHA512

49ba6d11e2cf575605d83319278a0337e19909cc8b2df337363a0ce8357315eef3804ad56065ae20b770a88868d3230facb7161baee4481cce562162810212cd
SSDEEP

12288:sqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/TB:sqDEvCTbMWu7rQYlBQcBiT6rprG8abB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
460	taskkill.exe
3896	taskkill.exe
452	taskkill.exe
4616	taskkill.exe
1364	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3896	taskkill.exe
Token: SeDebugPrivilege	452	taskkill.exe
Token: SeDebugPrivilege	4616	taskkill.exe
Token: SeDebugPrivilege	1364	taskkill.exe
Token: SeDebugPrivilege	460	taskkill.exe
Token: SeDebugPrivilege	2412	firefox.exe
Token: SeDebugPrivilege	2412	firefox.exe
Token: SeDebugPrivilege	2412	firefox.exe
Token: SeDebugPrivilege	2412	firefox.exe
Token: SeDebugPrivilege	2412	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2412	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 3896	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	83
PID 1124 wrote to memory of 3896	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	83
PID 1124 wrote to memory of 3896	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	83
PID 1124 wrote to memory of 452	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	88
PID 1124 wrote to memory of 452	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	88
PID 1124 wrote to memory of 452	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	88
PID 1124 wrote to memory of 4616	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	90
PID 1124 wrote to memory of 4616	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	90
PID 1124 wrote to memory of 4616	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	90
PID 1124 wrote to memory of 1364	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	92
PID 1124 wrote to memory of 1364	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	92
PID 1124 wrote to memory of 1364	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	92
PID 1124 wrote to memory of 460	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	95
PID 1124 wrote to memory of 460	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	95
PID 1124 wrote to memory of 460	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	95
PID 1124 wrote to memory of 1452	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	97
PID 1124 wrote to memory of 1452	1124	3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe	97
PID 1452 wrote to memory of 2412	1452	firefox.exe	99
PID 1452 wrote to memory of 2412	1452	firefox.exe	99
PID 1452 wrote to memory of 2412	1452	firefox.exe	99
PID 1452 wrote to memory of 2412	1452	firefox.exe	99
PID 1452 wrote to memory of 2412	1452	firefox.exe	99
PID 1452 wrote to memory of 2412	1452	firefox.exe	99
PID 1452 wrote to memory of 2412	1452	firefox.exe	99
PID 1452 wrote to memory of 2412	1452	firefox.exe	99
PID 1452 wrote to memory of 2412	1452	firefox.exe	99
PID 1452 wrote to memory of 2412	1452	firefox.exe	99
PID 1452 wrote to memory of 2412	1452	firefox.exe	99
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101
PID 2412 wrote to memory of 3976	2412	firefox.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe
"C:\Users\Admin\AppData\Local\Temp\3e8ebf0a9ae8d80c07751681b4da88bf36d9478b723b184c6d53c02a3bf24ee8.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3896
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:452
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4616
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1364
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:460
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00aa92b5-5083-4621-881e-617dca104146} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" gpu
      4⤵
      PID:3976
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2460 -parentBuildID 20240401114208 -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88a21188-c699-46be-9da4-d73934acdb9d} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" socket
      4⤵
      PID:2252
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2976 -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 2764 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45000704-3aed-4469-9039-6cdf77e88f7e} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" tab
      4⤵
      PID:3488
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4116 -childID 2 -isForBrowser -prefsHandle 4136 -prefMapHandle 4132 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fac68b0-7ce9-42a0-8682-cc383ea205e7} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" tab
      4⤵
      PID:2752
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4948 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4940 -prefMapHandle 4936 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6a44ada-7bf3-4288-aa0a-2a086ea1b6d4} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" utility
      4⤵
      Checks processor information in registry
      PID:1008
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 3 -isForBrowser -prefsHandle 5412 -prefMapHandle 5404 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f05b47aa-0459-4ced-a57f-b6444e75ff08} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" tab
      4⤵
      PID:4596
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 4 -isForBrowser -prefsHandle 5592 -prefMapHandle 5596 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d43d690-0a46-4726-86f3-e4fabff73934} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" tab
      4⤵
      PID:2708
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5860 -childID 5 -isForBrowser -prefsHandle 5872 -prefMapHandle 5868 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {910abfe3-618c-4925-a0e1-8e0567e8f028} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" tab
      4⤵
      PID:856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
422f6aa7d57a15174fe909b7e7135905

SHA1
e7975edcea20b65caa23ed600f4714fa98fc864c

SHA256
5204e1d97afea124a29697bea27aa6a7628ed13736df4f2b160169ba438f51c6

SHA512
0ea7136891881829e9ec37bcda6524a8bed8fc6a7741aac35bcdc17e6b992e6caf12b9d1c9e3860da1f2980075b32b6a68faf92c4ff5c4b92a405c5fc34e5339

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
0c1e399edd6247256614055b8888dc4c

SHA1
5d4538fb013a27c624a3eb5d60ba54963f22938d

SHA256
853200c8525ea2f96a8b347925ef621d2f6a18b8d57689b10dfc3012da7779d6

SHA512
2707febfdaedad422441eb880ff2699412d98672ce979f308806e9a759ddbc93073df541e3b8c57131d549e58c4ca01f57d3a50cb1da1908ba58d965ffc852b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
6KB

MD5
400996de937b05ada46d3455f865c308

SHA1
1224d5bf76a1d89dc47f09412f132e022e83818f

SHA256
fe8eaabc20717f8afdbc5182541482d5fbf35eeab5966971406a03be496fecaf

SHA512
2a2810f523b7614710151dd6ad9057521555d6b7c1e9d0f356570d0e6731f2ed8b4134689e7fd57bb5edf9433c639be753f01c036c4466300177d0ff90bcdb8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
18KB

MD5
d1240bc854050128f3dc51ed28e61198

SHA1
47ac191d957eb5a6c88acb6ea623e75713844429

SHA256
6141d1201b220257c3b7b676984be60da2694b85a18d1337d50da49a79c787bc

SHA512
b282ad816532fddd65875ae99f7a2444edd6e1212e1745c7d9f0dead9f5c634d7aacc52fc9a5d811b0d682ed62d2e3742685fe1f00c4f09921b1ce113af77df4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
8KB

MD5
4622fe2eeab1087440e4800a7750d088

SHA1
fb5318d6694ea4f5292243cd305cf48fb9c4f712

SHA256
97d3f6e9d2d71f155268ccc7c6c20ca5681f545d3caf7ce860570fa832f60a70

SHA512
c9f0e98d88264572ccf42acd75c182ebdd65c4e447aa875eb6ce0854d50cd17e4fea448dab219ee86affe28c23d4eca1a10ab785814f68a2476a60d061931d69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
13KB

MD5
1e2f74d7a402be30839b92824663a989

SHA1
da662163f3578d710239434bce0613e9d5d18c4a

SHA256
edcebb77343d906cbb1e64539207bba2bd38ce0f2bdf2b0332771efa5227dd49

SHA512
f9456404cc1b622c8c6b4fa6907b3d96f4d6fd78551370b5ca98d385509d20687d5fdf8d1b8d1bbb0d36cca3f422c2744df81b989ffa557801eabd3520378e06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e4cbb79b9b67f1a506b6912120f48e7c

SHA1
6a6c708bb873f6645167c5dddb51798d0983663d

SHA256
824b74a6bd51e6b428e9722045928f875f1cd78da1c543d80d08f24e626d9f8c

SHA512
b1d1974aac855fc3f008cac6d628a776ada46ba7b797c46ad0945fbf613e07f2eda931aaa6f0b82903e4bc7ac98618957ef6f07f6007a0be43f90d6ea6b116e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d02fcc8feb93372ab96961aaa8bbdc99

SHA1
2e36260c6050b58f186a0fa7cedbb3612fddb81e

SHA256
9746a356eb9e3af97ee59058f879aafb56570d448ba50835bd852da7cc1ef599

SHA512
698273ebfa1d9cb5c20a58a49006d408accfa6efc01a65e26d19e7a2c8dc0a77a73aff18fb7d47315e5bb362b8017a602f6b8700e48de6c9aad8cf8e1e932502

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
7ca366541a7e4d35e353dc5cd3483faa

SHA1
c425fecc9acda669d1f80cd3943d8c5b1840c13f

SHA256
680cf38b15a5e6c63f7b4655c5d64b179b5494f797a8b63b7f02153f7e53025c

SHA512
9e2fad2ef466d321567a213a1e34f8589bd965f4a13016f4ef436e9e227f09d6fff818bd06213ea99757191728c8175ea009b384679eb67fbce4b259dc1bf2a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
18de7743816c6414a89cbec012a70509

SHA1
9b7f22c8f118312a21bdd0eecfd30ec4a5275887

SHA256
3f7c27255b77c15b5b4077814f4e70ca2f7f6c93c6d949d40669b062d6c23a28

SHA512
ceaadc13ceaf6000abc0d8f2808b46b84a11e6aaf750617651eaaa75ac3b6449096b64f96ad64fe870c91cb1d5de5c2f1399c7b094035e0fdc331d50641d4ae7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\4e0f8c0b-f18b-48c2-8d00-4e871c363035

Filesize
982B

MD5
2e2bb5b93d598e27e6e3618a43464f7e

SHA1
7095e2f7a13cdb62e8c7ac969e2a61207c823784

SHA256
eb1ffbf5f8e9bbd9e0892a2efccff08ac6b1c1682b5a887f1e002add023d225a

SHA512
20a5f112b335a30c03edb0d49cdbab543257fb0a9b10241ff6568b6dacfa4b7244ae31f906fe8675d4b1beecb1eaf5cc700f9d61694b7a748a240e961a328582

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\4fff843b-59ea-4304-9838-38963b5ece9c

Filesize
671B

MD5
584cca67e60d9b20626941b094223828

SHA1
debf7375c6d162155d278d49703c21b33a258279

SHA256
529402f58ec14a750d66d0e4fbe4008729e98be8cc25d2d3d62684667ee78920

SHA512
099961c836f57c21d2eccbb6c17d4523eac572bd14a8241126e50b28e8160d6212326502efe42ba6f78a941437f498871135a7b25711c37feb696643aec608f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\87966af4-08f5-4c51-850f-0b563915a7fa

Filesize
27KB

MD5
bb48cce1f475b8882c36a039f9acc6f9

SHA1
0ec597150cc77ccd56399b91334f336fbb8da099

SHA256
51a380cc3344752d8e4af6b5c54779ceec97f6d4e7b2728b07fb652b75f2a4c9

SHA512
288349b9f8f6f8c2b6302a289bbf9b8c757c7f4ccede2cd599e43d8f64257b40f90fc2e3897870e8652e369f127123c613f69b87cec1716c8e5827dbb985c61b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
10KB

MD5
fc691a9a81fb9f9faea4852756f62dd3

SHA1
5bf71f7dba251c8aec9594fa9e863ce4debf2ca7

SHA256
4e366af13ac8247b5e1687ff987cdcf0ed0b759047d75e7d705619cda11dc244

SHA512
e34cccd5b32692636fe1d72f94b037d235961a3e188ebe8df124519c7d02f3a3b4bd667a725272dc4111326104f7a977fd4597e58f4adfd0e23409d1e1c98a7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
11KB

MD5
528c37a2d2a0155b56cf7069976ce2d0

SHA1
f25af8c3eed7f29cd04fb41ec2c2ada03052587a

SHA256
f1a8388f33086bd83dc65559af6ed0ee4371f60df221874b301527c22ec21257

SHA512
ebc331ae86c4f6464a013384f0f3fb0585ff028a2d89423a9bf7941197aa912d6fc58d4e08e76b5dfb73196d4ca1aeed4a422e5118e88952ed8b1a7594f0254e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
15KB

MD5
8b59d83de82a6506148efb90fdc3cf08

SHA1
e835546ce5795361edf9918c09c993b218481468

SHA256
d94d7467fcea3599361492d49cba85c9397b6582bc271ab3f96a94e32d9aba85

SHA512
192490a54f75a95f95c5753201babaff3f2f3ffc5ca90900ad9d9f116e53046ea0441d9f98c9e1b8331414662dc0cbef1200928414805b5dc58f50bf300547d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs.js

Filesize
10KB

MD5
346dc8dfc22ed924a3ce85e1fac585fb

SHA1
c1c77df8fe00a3f1fb0048959d19a9ec0e512674

SHA256
c58a31d90ba622039370963f01b37b7e93f2f629a2efbd590f64bd577004682a

SHA512
8d09f699d63165528ef44d2c6147aee49fc7ef6728b968a7347ac14c1e7f75e766c092724fd3747176a7301e0ef938453ad19b60a82f3673a295aa8dc5dbeac6

Download Submit