3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976

Analysis

max time kernel
33s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
Size

901KB
MD5

8894eddd213de906738c3d7c80d61c7b
SHA1

cd385cbc6e01d0306c9c8c10bf31b597fbd6174f
SHA256

3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976
SHA512

dd75e691ed55d23ec4a727d845e61ff0db8bb735b2d2845e024749eaa777560b3a12d8dc74af745fcabe1a5f20d60ed733b126eaf5acd8416cef83abda81c2ec
SSDEEP

12288:0qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga0TZ:0qDEvCTbMWu7rQYlBQcBiT6rprG8aUZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
696	taskkill.exe
4980	taskkill.exe
4672	taskkill.exe
4032	taskkill.exe
3000	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4980	taskkill.exe
Token: SeDebugPrivilege	4672	taskkill.exe
Token: SeDebugPrivilege	4032	taskkill.exe
Token: SeDebugPrivilege	3000	taskkill.exe
Token: SeDebugPrivilege	696	taskkill.exe
Token: SeDebugPrivilege	5020	firefox.exe
Token: SeDebugPrivilege	5020	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
5020	firefox.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5020	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 4980	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	83
PID 1160 wrote to memory of 4980	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	83
PID 1160 wrote to memory of 4980	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	83
PID 1160 wrote to memory of 4672	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	86
PID 1160 wrote to memory of 4672	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	86
PID 1160 wrote to memory of 4672	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	86
PID 1160 wrote to memory of 4032	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	88
PID 1160 wrote to memory of 4032	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	88
PID 1160 wrote to memory of 4032	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	88
PID 1160 wrote to memory of 3000	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	90
PID 1160 wrote to memory of 3000	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	90
PID 1160 wrote to memory of 3000	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	90
PID 1160 wrote to memory of 696	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	92
PID 1160 wrote to memory of 696	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	92
PID 1160 wrote to memory of 696	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	92
PID 1160 wrote to memory of 2392	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	94
PID 1160 wrote to memory of 2392	1160	3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe	94
PID 2392 wrote to memory of 5020	2392	firefox.exe	95
PID 2392 wrote to memory of 5020	2392	firefox.exe	95
PID 2392 wrote to memory of 5020	2392	firefox.exe	95
PID 2392 wrote to memory of 5020	2392	firefox.exe	95
PID 2392 wrote to memory of 5020	2392	firefox.exe	95
PID 2392 wrote to memory of 5020	2392	firefox.exe	95
PID 2392 wrote to memory of 5020	2392	firefox.exe	95
PID 2392 wrote to memory of 5020	2392	firefox.exe	95
PID 2392 wrote to memory of 5020	2392	firefox.exe	95
PID 2392 wrote to memory of 5020	2392	firefox.exe	95
PID 2392 wrote to memory of 5020	2392	firefox.exe	95
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97
PID 5020 wrote to memory of 1408	5020	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe
"C:\Users\Admin\AppData\Local\Temp\3dea1ae8aef657847ba25bb5c9fb73fd99cb88b66d9bfd8cd6607c3a8c31f976.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4980
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4672
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4032
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3000
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:696
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5020
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e0ea27d-d2de-46bc-9381-38764a506620} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" gpu
      4⤵
      PID:1408
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2428 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a38787d8-f4ca-4eae-88ea-535d2c975c47} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" socket
      4⤵
      PID:3716
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2952 -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 2968 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07eabc2b-5ca0-4b01-a72f-006a2a616eeb} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
      4⤵
      PID:4188
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3540 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07a127af-d8a5-44a2-87d6-cbf6dd7eb010} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
      4⤵
      PID:2508
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4916 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4876 -prefMapHandle 4848 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b4a95ec-ee6c-479e-bada-a25b24e96c8c} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" utility
      4⤵
      Checks processor information in registry
      PID:2388
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 3 -isForBrowser -prefsHandle 5360 -prefMapHandle 5344 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a959788c-bb11-4cdd-808f-505473901b23} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
      4⤵
      PID:3388
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 4 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c84da0fd-3c86-4ae0-92ae-46bc7836a58d} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
      4⤵
      PID:3492
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 5 -isForBrowser -prefsHandle 5712 -prefMapHandle 5720 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e8657c8-1929-483a-b29c-c5593ff065ee} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
      4⤵
      PID:1196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
536c3f1188437051fdab59aed94ea339

SHA1
0f1b8555ce9b998c9d1f8376acc4263801073762

SHA256
4748c0e2f6768fbea69ce4911626207122adbed68c0d12af539c10fc2342f610

SHA512
f90054ec27701fffc5ac223bb7f24858a8577402d0d4f27a7ef715cfa4beb9eb68b9d6db440cefc4609fae0325881c7c938af2dee1a505330af28a74aad1f74b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
7c4b33dbcdeae4e6e13d6e7ecd1b28ef

SHA1
73d5932189f0f87ff7c56d123c8fd873b83fad71

SHA256
2adfc36941fd16696d696fd77c7afb99a6378594c4a1cdc657b862ada0606635

SHA512
7ce01173d0be4107916275f753fda529c08a60b2583a4854cb45c6042c22dc7ccb6a889ee4bb0adc2fd2a04454e56cb5527891a0e8f577e92f79192fe4ea8241

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
4.4MB

MD5
cebdf43e6a71c08a15d34afee0925ac7

SHA1
55f4a2ea70c039806c526aeae6bd50f34bc44256

SHA256
84f9487948e687e2ba6dde20e882a7bcf6f747922abbacb8ebcf09d944bcb2d5

SHA512
96ad473578c583df0571f177d0481907e0cf93547c4b722f253a5e1f70d6ba2d5fbf0ce4a8184a731c334b8a409a6878abc5d7159c06370b7daa0c12c9f6032e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
6KB

MD5
c633062b7ad4f9672c29fd404dc5ea0c

SHA1
82475c9d6a561407c65404fbd477b64365824555

SHA256
9274e61b10023a892b8b08efeccc50efe6b583a045289e1924cc91bd604b16d5

SHA512
ba800c48681705a2f4faaa99d2528ab7218e39763d5a763cfc71269a151939e6c09f999bb8a9bd8fc31a1179580c1292e119600dc863e07220edd700c866377d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
8KB

MD5
0b5cf69ff310a3978e1ba86c39bf0444

SHA1
b8f7080373ab4daf5c9cce593ffb421954528b4a

SHA256
222078d90295bf45f6ef047ad90a980eab469166912b7168753bacba7a29c25f

SHA512
528a904475d207ce4379588c9bcbc8c0c88e73c5d48cf1238de05e0d05f67a618a76d6daf756949e0eadce896a833adad962413a9d7d3b95b547fc113e55c2cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
18KB

MD5
6f23378b87d44ff9d3e5afdd07660aa9

SHA1
87db7a89726ea1b91482fc1ff45e9dc165476f97

SHA256
aa1851bfc317716c0f934b219b841435e8acc02c135e96353d67a82bfa847514

SHA512
b35500e97bf22a87b28252a3fb3aca62c9d04929eb2ac93a7cbfa4b7b456338b557b950fec112fb77d5fa60348f3218b1619a010f482f3e992488e6667d489c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
10KB

MD5
c0ad1c584803ead4567f9d29d07ef48f

SHA1
cf2a931070ee68bba73886abbb5b3d628bc20b93

SHA256
42c536007a26eccf2a238a7b95af5e94b67ba1a7baf5fafca83e1975b2196c71

SHA512
aa90177e8465cfd6aa5ba64b9174c133d57045803b1261be16933bb64441de9c2e8f7b88677b9bce35195b6892cee6a69d460117dd1b089f5fcefd844399a24c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
12KB

MD5
9b25870c30cbc1fc59d66344b33d3d76

SHA1
dc31af8afde592d52ab16504a72b93edae7c1b5b

SHA256
9f14b2867b313a492d81a2f716f9fb238127e04d31dac03a6058d4c802d72bbb

SHA512
433d4ffef9b865c9e405c3d6db12b25923cbcb238b0252b770c9453255e28a4299feaa3987b5fb411d0b67770e179de17137685b9c4d0412caeacb4dba1bfc95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
9b098e35d47b30734682f79784b2e883

SHA1
c72c7e61a71d592aeadf872af613100fa7a43e0d

SHA256
b9a3339de3796e8c6fd491461589daad5199a08eba733cf22b2942b164a6b9f7

SHA512
fff9f537e2bea1f26c5b4ad0243040ebf829b11dc8cd9edc66117996c925a19b43c27973a720a50cb97610e5c007ab47ae053c977e14b1aaa9d167d8df63d8c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
df1eb57d7d55e45937c86fbd181764bd

SHA1
4ea581fc8c3da835d0036d826479ea51b2ba3372

SHA256
5f88ddc0d2e3d2540171a80b39e2daff1be0a10089b817a0c779cf3db4f4ccce

SHA512
ff720d15c47382011c4c8a04aee1041bcff302b9f4aa9297db79d87a39448ba8881fb33d4d3696189514eff9b686b55ce0285585110609d9983c820b7db83413

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
196a671ef784aecda142f07c4c5287fd

SHA1
5bbc7685be3825633d99e52caad6d5cd87255d3a

SHA256
6e6e3402a401f7fd22ee258ae7facd12a76eef4c6908aa24c84d266eb2e38296

SHA512
9a564c0c3e05becbf7e9e222f06467390d903c1ac7e0b8ddb6faf759d6229e02e4da25ecf78bb9d9f0da6715ef0cdfeda43bade02df3bf11375c597c61119c45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
54aea828c8dbdf6767f31deedb377c6a

SHA1
d65f5a74ad41f8bfab7580e31847ef4fd1c1975d

SHA256
f743afe4c61f4e40a4fc1258dbfaa4efba426eb9b0a70b6b9c61023ee3960c25

SHA512
0c593489abf23743f6a200952785614b6768f2ff40b3eb28b21f5f195190243ab07e38de02dd88278d28ab14688f930bdb55fa36757cc6ed3e8e81884b8ac8b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
62b7e88110b268b143db6e27a71e8055

SHA1
bf110ffdd063bed9490f1682e6e7755ac39a1166

SHA256
2d6f30c9247e2a59ac00c00cd5d711c2949cecc32e627a38860d3a1cac0da1d1

SHA512
8cd4f0d6d99d46c3f2dbb83adc42280bd88b89965fbe3ab6db8118fc7f9f7aa1cb5bdaa257cdc406e4f1a8d3c74b961610bd90700005d1661ed6863db8a2a17a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\0e4f7ba1-6d27-477a-b7e7-e6d9c95103ff

Filesize
26KB

MD5
afaba8d568847be9cf9ad76f2f11ed0a

SHA1
d99e1887d6caa72f722cf041aaa365e26b25ef28

SHA256
12060b77f636b3754e4ceec53c5961dfed4ff6760d97a01425515b0579e4e5c4

SHA512
34b18c97ff308ea5351f580cfadc8fd4be6ad4392aa2c00dc887d585ddf1e01063800c4ec7a2f56a8b1ddf3a3c3168d8c81bdb08283c2e2d4d13db8e0360fe61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\23ae944d-0c66-4f7e-a41e-7e0004daf232

Filesize
671B

MD5
0e71ca4674472b0556670f3db6475c08

SHA1
458a454d5ea9167b810ce7ab023b9f2db12e0854

SHA256
3b827906dba0d8c9c6f40d349d1584188e8fb103600f17264108bc9a523a8c89

SHA512
a85e0f36db25050dee9a3db02ce5982d6b24fef4618b130d5b6f2763718fa34f0ac21018b4087b884f54ed2329ad0fd6e8928b1053060a2d9df4fb7a6af7142e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\5811ddcb-9370-4c03-8480-444ad1f67259

Filesize
982B

MD5
65d65d713fac8e240782e645870bda9f

SHA1
0f730dbb2e38e6b603ba8b887c5172cce3798933

SHA256
63eeb4f384c4edd11c0cfa649dcd6b562d272affbff619156e92c5da7c88a30d

SHA512
957bc07c53e548381e306f1cb0edb034bcad65dd0ebd89a63897a4ff44082ef5cf01de15fa94485a47abd797632b38f64146deb999a670163b3c50983f6762e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
4.4MB

MD5
66cc3c42d9e06aca8835034e2bae35c1

SHA1
f92ef8a3c9c4e4fc020c0a3bc5a5e648d94bc487

SHA256
5503757fccb664eb8022848c2795d2ebd391379ead05c067aa2af4c9a1eeabfe

SHA512
46af570fd1949b739838e9de33f6676c808e0992ebf7526412ba725e682984b0b271f3fc9750fc4ca2910fc5f2f8efb9f2e645842ce2a6cb48e42bbcb0cea05f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

Filesize
11KB

MD5
f294390ddfb2ae13147dc053fced7b9d

SHA1
6a824f7e90e0a0936916ea1a20c3bfb3a78277ed

SHA256
c0359c29ac8b4dccf894b8ee2fc33af263f20e5fd66be6a22d8dbdaa3226b636

SHA512
9a1986de0721ff54c5c9ad6505b12807d12e8b4bac837c9628c4e8b725b3427693b4f7fdd4d4680d8ab792bf99fcfa117405f79360f566cb0aae0719b29a31a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

Filesize
15KB

MD5
6322790f51e478d11338bb94a3e16781

SHA1
741e8d8321680b5c52c5f0ae16677d06ae362e26

SHA256
871d6b5d9a5ff742add1c54505eb50e3e052e4b0b29d3c8926ba1f9c850a11bd

SHA512
9796fc5a15af5978b6f25999a2dcfe71dad308c77f5b68ff41b32fdfd8191b9a840133f24adb332f3b1dfa91030b98157972b1c0e77a04f22561d05691759552

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs.js

Filesize
10KB

MD5
b156abad46a3e5c02443365fb0dc4b4d

SHA1
d7a086e6263fd6ca6fdbcb0bb0398b4a91bbc37c

SHA256
5e0d20026230faf26383065886da55935d4aaf30478409e8e9bcc219309a9856

SHA512
7483d95794aa75d7c93f9f9bfc7034cc554896e72bd7792d9629ec59d8dc2f374794350d75935f2c5ed07a4e4d6d2ece48f0d2822897a41f1652a09375fbd0e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
5.4MB

MD5
35926fff69ba0f0b20b4e78982a9485d

SHA1
49f8dcbd9c021a4eb70f20b2c10257bc16d372b2

SHA256
e12c01b5a5fd83cdb080d389b8471a3ca2db1ecd558fbeac76a123f8e3d26407

SHA512
2d2825ea5add81c4d0da78e9992269199640e9994d89fa22ba50216bb75ad20340d2e3a6feac0e1983c7390eed4ecad74f0ed0a81e90b3c6a079d152d7bcfea3

Download Submit