e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f

Analysis

max time kernel
128s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
Size

901KB
MD5

ac622fc7f4931e186a40e7635a86d748
SHA1

6594b6e7392378860c28ae1947c60d67c504f989
SHA256

e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f
SHA512

5cb8727030ce42113006a81af314dd6e9b2de4b053004479c28fd1e4a92d564da797e7d3f3d0e0eb09b1fe1326d66764bdf163069f09b6e043df6d63892cdd75
SSDEEP

12288:uqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgapTR:uqDEvCTbMWu7rQYlBQcBiT6rprG8atR

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
4556	taskkill.exe
3624	taskkill.exe
3584	taskkill.exe
4228	taskkill.exe
3680	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3680	taskkill.exe
Token: SeDebugPrivilege	4556	taskkill.exe
Token: SeDebugPrivilege	3624	taskkill.exe
Token: SeDebugPrivilege	3584	taskkill.exe
Token: SeDebugPrivilege	4228	taskkill.exe
Token: SeDebugPrivilege	2556	firefox.exe
Token: SeDebugPrivilege	2556	firefox.exe
Token: SeDebugPrivilege	2556	firefox.exe
Token: SeDebugPrivilege	2556	firefox.exe
Token: SeDebugPrivilege	2556	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
2556	firefox.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2556	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 3680	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	83
PID 5020 wrote to memory of 3680	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	83
PID 5020 wrote to memory of 3680	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	83
PID 5020 wrote to memory of 4556	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	86
PID 5020 wrote to memory of 4556	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	86
PID 5020 wrote to memory of 4556	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	86
PID 5020 wrote to memory of 3624	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	88
PID 5020 wrote to memory of 3624	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	88
PID 5020 wrote to memory of 3624	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	88
PID 5020 wrote to memory of 3584	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	90
PID 5020 wrote to memory of 3584	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	90
PID 5020 wrote to memory of 3584	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	90
PID 5020 wrote to memory of 4228	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	92
PID 5020 wrote to memory of 4228	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	92
PID 5020 wrote to memory of 4228	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	92
PID 5020 wrote to memory of 2248	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	94
PID 5020 wrote to memory of 2248	5020	e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe	94
PID 2248 wrote to memory of 2556	2248	firefox.exe	95
PID 2248 wrote to memory of 2556	2248	firefox.exe	95
PID 2248 wrote to memory of 2556	2248	firefox.exe	95
PID 2248 wrote to memory of 2556	2248	firefox.exe	95
PID 2248 wrote to memory of 2556	2248	firefox.exe	95
PID 2248 wrote to memory of 2556	2248	firefox.exe	95
PID 2248 wrote to memory of 2556	2248	firefox.exe	95
PID 2248 wrote to memory of 2556	2248	firefox.exe	95
PID 2248 wrote to memory of 2556	2248	firefox.exe	95
PID 2248 wrote to memory of 2556	2248	firefox.exe	95
PID 2248 wrote to memory of 2556	2248	firefox.exe	95
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96
PID 2556 wrote to memory of 3092	2556	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe
"C:\Users\Admin\AppData\Local\Temp\e897e7c522d68cce5842935f168b5726a53cd614234e12cf70bfb1f3a0d6a50f.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3680
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4556
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3624
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3584
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4228
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70c30b83-c367-4122-a0a8-f6c83d426cb8} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" gpu
      4⤵
      PID:3092
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2428 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2acc50f-a900-485e-8cc4-82dc33d71f8f} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" socket
      4⤵
      PID:4104
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3232 -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3220 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dca3b9e-e968-49aa-be45-27ee147b9f21} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab
      4⤵
      PID:3012
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2616 -childID 2 -isForBrowser -prefsHandle 4000 -prefMapHandle 3140 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a37712af-2272-4085-9a1a-18af08913b38} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab
      4⤵
      PID:496
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4720 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4640 -prefMapHandle 4564 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3810211-d022-47cf-8b27-6f7ff650d56d} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" utility
      4⤵
      Checks processor information in registry
      PID:5000
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 3 -isForBrowser -prefsHandle 5192 -prefMapHandle 5188 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a25c002c-017d-4d59-869d-99a9d4da35d2} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab
      4⤵
      PID:1888
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 4 -isForBrowser -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5216ecdf-13f3-4b22-bcea-d464575dc484} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab
      4⤵
      PID:4260
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5860 -childID 5 -isForBrowser -prefsHandle 5852 -prefMapHandle 5848 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26343738-1b69-445d-aca2-78caed1a96b3} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab
      4⤵
      PID:4940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
797031139e45fca609557bf3cf0d0803

SHA1
57e9bfd74e67c11f06f4b3b74a2a8e670e0ede78

SHA256
994201736355e34bcc06d436fe36801aeb11ac36aa62c7742124e33a01b59253

SHA512
f3c9db41c620ac1ffc11055d7f3982ceb356ac2a7b79c8dbfce75cbecfcee0c1c2d4eb9959c4c05b8bcc1af87ba9559db210c231ef8e3a6e23b9b1d7e35a7a05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
2ef19bf236dd5c56c109de59c88a6e08

SHA1
66a6f83e5cc27d1ffec68a2abdfbf7b4a44d94b4

SHA256
3982331160532436482c0553809f29afcfc9defe2333c0614e492efda9931452

SHA512
ef8958687ddde83c86a119a52a343cf4bc84c735986bb7c5b3ae6df90215b2592a3788d9507ff7de3f54196824157c11cfae54c86631fd0d365529342e74f79d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
7KB

MD5
4f6e988c949b8adfb977f586856a9500

SHA1
e59da1706b4196617574739373343fb3563f2103

SHA256
d2b680931b77d40891773ea2a322576cf8abcf46489c3b5ca12e69a3ce4e5284

SHA512
82a373312929eabfcaf1846eb19cd99e7a13729dfbe6e4fe3200d6253d5373fbe68cec1de220197f921860b8113eaf5e4d438934804cd197c56db4669e62ea0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
8KB

MD5
9beb5d5fd3a613fb52c918370e05f497

SHA1
77b57f36ed4e4ac756b27cc24ea28b80a2fb7cd7

SHA256
b12e597b0456b548396e0d1af8f6eef75691a18255a0add726f57ec1b7d3be42

SHA512
05109b199c40391934b865505e64ab9f9a69243b8db7abad0a991a479536a297a0a634edcf8abf7d48b1953dddf770135a911a90433791d32a7117925f83681c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
13KB

MD5
ee117c51b7292ef561f09b405398afab

SHA1
7dfc57148d18ef33678aeb707f33f1df17a45115

SHA256
2b0c55933b33958b40045f46d8996b3e1dcadaf19a195590afeae8a745388bcc

SHA512
a74b2cb4ec0c047e4ddbc5e72e655100b1b7eae299bdbe3506444307e2588f52c222c7e95ccdb6d3bfd3df0d97312878f76462509ed71cb91b28de35ed92184d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
cbbed98092b3f2085111c72926362ddf

SHA1
584ce10d81092281b1eb57a425156cfa83fe93c1

SHA256
51fc165d8f21f4e8084924a76ef6ce1fa8e67dc5ed9a4466981b9c55b002c0e1

SHA512
7fcc884d814f220dcd5bc7d9887dd79be373c0e7d2ff9eff32b3fcd2c3b195b38fa7afcf09fd32ed6395ae50e6a4e5cfbea6696ccddf0b5a447bd1ddefaddd06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
18d680b4b20f64716d6a4d2ee2094dea

SHA1
e2ca91e95c8d8e6bf82cf3f6ebc10e938f9b4818

SHA256
4ce88851c76181054108564baa7266152a3c2bb189d8f82902e004a9f26d47a3

SHA512
902630c825297301e9ae8df8d99650198edd3cf35b851e5468bc5f8004c2a01bf78b1862996558366cc8906e9498e5daaa5c2edd53b34a7e2f2f250cfad3b129

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
3a7357b94d80b9572b0825bd771dd765

SHA1
795406c88c2a012cd47edd39989273f211c2904b

SHA256
b2d093f01f966d510e628370e83061e454a4ea55a679352be100fe4e673ee7d0

SHA512
7d4dddc2de7d30384b2ca88bc4c4824e64ee88c1cc688bd7030351a814ec66eeb28dedc8e9bd6e592308ecc14da25dcad9e897abb39d956433d15796eb0b75c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\4074143f-7317-446b-97ed-7f4dca887eb0

Filesize
982B

MD5
7a524e031e4ea1701e35417ba782ef70

SHA1
d3036412580c80a9a578aa6df8aee571b2355026

SHA256
ebfbe523e5f0b9f0c9345fcf8a91722bbb07b255c94eb0b68eae2dca4b2060d9

SHA512
46eb5e2c13ba5aa02a4c2a761bdba04914379f9e42bb74dc57ddbbc08d5ca7c06d8cf330d31356f35225511d2ced82fb5a913cea930cd2fece94a0509c6aa9eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\77f30cb4-f37a-4c78-ad6f-7dcf433f7602

Filesize
671B

MD5
cdc6d468e6aa41d9b50c11995f9d4353

SHA1
15698e8a11c350263df062555e642925208861da

SHA256
70d69f5ea12c154e5878a4c2f0ebc8f0fde76bb4b210874f25e3d1ed59fd562a

SHA512
6d447a7e011b995406fb344e3c211ef5810ad4d22c7273e5a0527c5fad0836e6650e76cd988c558ff69b88bd1f61d2e579a7298e6b5d17b2ccd53665ff2b86f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\a778a5e9-5478-4f39-bbf9-a93a7c5f57d4

Filesize
25KB

MD5
e7d3e782af7f73fe92d37aee54b59d77

SHA1
1c27ecdbc5ae9769062fa23917daee3c2bd9c1ab

SHA256
1c0a860e7569e37869c6d15280bf99742bffe678ebcb096b0c90bbc8d07e10f3

SHA512
36a0f9b8e9449bf6580560378df01d03cf444fd584527e65fe2c75a85ca2aad4518d3475de2b922b0a8d22e34cf14c81180f4db87c222ac9598cd6ccdba7a19e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
15KB

MD5
c241aed76f67adb19cc88f3752a49533

SHA1
80e7a0f2c640f85ce657f81dae202c283d5b98cc

SHA256
c68a5fb96eae49e611267628d667b9b363a567f2fa27eab4f94d9bb9a3107212

SHA512
1453a395f6f6265b939c254b911a36df4d2876d04d38fbbd87062bb8a82fd77d5787c21172847f57839d9da444980169e388df961a5773c07b03aaa78b536a1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs.js

Filesize
10KB

MD5
59b56fc4cff957b14d33bcb7cf5f97bc

SHA1
0a9f54a0269ad08596941036d1153e8cd1ffdb5a

SHA256
21a2cb74399e7e57ccbf26a90d888fced08fd9f37805f11132d8a77016f2a8bc

SHA512
add620576fc42eb3c4400c2e4270714af5f09a08eb8883023cf4082c4fde8cf84871a068ddfdee9a508b46cb3c3c5f22de35c67935cbcfb55e7e96d713a3fb6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs.js

Filesize
11KB

MD5
aea20ae36adef7ba8b7deb28f7a31535

SHA1
64c2081d16c853046afa52da43ce390b0633047d

SHA256
98947afd8cdde836e4c3e7f11d1ae11d83b75003cec5e8d2700f255a9969ebac

SHA512
b92b6c1cb658dec302cb5b4f7d5daf45e1e6b6e336d733ade89179e498eca306e00452b77f03ec1920b67981ca5131a1799ec2dfc788394b91db0becc1051dc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs.js

Filesize
10KB

MD5
4c76020a565ff55e6d09ecc6c1855f03

SHA1
db9158c1ca6481c1841d1b099003aca23f75a385

SHA256
29d8328544e3d49c717f0af6560c1452872e29643fab581fb167c78f4b9b80a7

SHA512
18c951d2b796ca74ccbe5e418d84329abb6b5ba7637d6142cfcaf312dbcfd4788107b8ed97d90b722c5f9e7a3bd18981eaf704704ec750f671dae0b239f4cbec

Download Submit