Analysis Overview
SHA256
88a6a898b60f8ddb57ceba90fc392632e1b397a2be5c28b3da70d4809936cab7
Threat Level: Known bad
The file 241217-dmcsqazkem_pw_infected.zip was found to be: Known bad.
Malicious Activity Summary
Pysilon family
Detect Pysilon
Detects Pyinstaller
Unsigned PE
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-17 03:13
Signatures
Detect Pysilon
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Pysilon family
Detects Pyinstaller
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-17 03:12
Reported
2024-12-17 03:16
Platform
win10ltsc2021-20241211-en
Max time kernel
104s
Max time network
103s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\241217-dmcsqazkem_pw_infected.zip"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b18379bd-02c0-41e8-bc1b-e0f02ac4a34e} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f7512db-4dcd-4ab4-8d45-2ae3889f7d52} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3256 -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 3140 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef0cf171-d64b-40ca-aed2-7de91ef6b3b7} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3400 -childID 2 -isForBrowser -prefsHandle 3392 -prefMapHandle 3388 -prefsLen 24783 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {893dad6d-da17-4a0d-895a-d500435e7f5e} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1260 -childID 3 -isForBrowser -prefsHandle 3924 -prefMapHandle 2568 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05fac3cb-70ee-4baa-9a87-b3070481b01e} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5036 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5076 -prefMapHandle 5072 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {185d066f-8c08-44b1-8597-8b7ce89facd8} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 4 -isForBrowser -prefsHandle 5840 -prefMapHandle 5828 -prefsLen 27158 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4552dcdb-1d93-4844-91a3-4d14a0f5b1ed} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5852 -prefMapHandle 5848 -prefsLen 27158 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8506d71-b799-4e6b-a6a5-e002abfe939f} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 6 -isForBrowser -prefsHandle 6232 -prefMapHandle 6228 -prefsLen 27158 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61061641-5587-451b-8e6f-7949a2541f35} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6424 -childID 7 -isForBrowser -prefsHandle 6184 -prefMapHandle 6188 -prefsLen 27158 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ef1481a-6ac9-4333-9548-519d9f5f985a} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.11.108.188:443 | checkappexec.microsoft.com | tcp |
| N/A | 127.0.0.1:49776 | N/A | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 151.101.67.19:443 | www.mozilla.org | tcp |
| US | 151.101.67.19:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 19.67.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 150.225.228.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:49785 | N/A | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uncoverit.org | udp |
| US | 76.76.21.21:80 | uncoverit.org | tcp |
| US | 76.76.21.21:80 | uncoverit.org | tcp |
| US | 8.8.8.8:53 | uncoverit.org | udp |
| US | 8.8.8.8:53 | uncoverit.org | udp |
| US | 76.76.21.21:443 | uncoverit.org | tcp |
| US | 8.8.8.8:53 | www.uncoverit.org | udp |
| US | 8.8.8.8:53 | 21.21.76.76.in-addr.arpa | udp |
| US | 76.76.21.98:443 | www.uncoverit.org | tcp |
| US | 8.8.8.8:53 | cname.vercel-dns.com | udp |
| US | 8.8.8.8:53 | cname.vercel-dns.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 13.107.246.64:443 | s-part-0036.t-0009.t-msedge.net | tcp |
| US | 8.8.8.8:53 | 98.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.uncover.us.kg | udp |
| US | 104.21.16.1:443 | api.uncover.us.kg | tcp |
| US | 104.21.16.1:443 | api.uncover.us.kg | tcp |
| US | 8.8.8.8:53 | api.uncover.us.kg | udp |
| US | 8.8.8.8:53 | api.uncover.us.kg | udp |
| US | 104.21.16.1:443 | api.uncover.us.kg | udp |
| US | 8.8.8.8:53 | 1.16.21.104.in-addr.arpa | udp |
| US | 104.21.16.1:443 | api.uncover.us.kg | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| FR | 172.217.20.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 172.217.20.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4---sn-aigzrnsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\otijbhkb.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 288aed032fb9ba8502c88029cb9f2bb2 |
| SHA1 | f5c02ac3d50cd37604bc4efdee462587a0232ed6 |
| SHA256 | 98fe1fd7a7d36e1aa07404bc0d68e5a362f4a808bf52256bae66f19de0e28496 |
| SHA512 | 32adb68f2424bab34d1e7893b413afaa2613a1176f505d35833a30ef64f055108395d582b28514db7c2f15f7143e9ad7c1ba094ddd5547ebb03b118716f52314 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\datareporting\glean\pending_pings\ffcea591-444d-4bcd-a862-630104cb4a2b
| MD5 | 04831a3a884ddc3180cc8a8092cb71a3 |
| SHA1 | 1fafc905e38c3bf5f3eeb1425d29992e718e0659 |
| SHA256 | e806ae021eef29d3c3b19bf78a9eb67ac8b428b1ebb23f741e8552ac6bde4154 |
| SHA512 | 879126025bdfdb57c21c6a406e2d60d5f28da793e9d65f87f9255595c5e3c3c6b2cb75dfbbceb89879d558169c9dde0f05160a396d4b7d51686c2395dba2ddb8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\datareporting\glean\pending_pings\975dc61a-bf7f-4a6e-90fb-fc19816a9edd
| MD5 | 33a5e09e99ec86ce1c5750ad2f2d6dca |
| SHA1 | ddc0eb3ac3d615671fb4400574ae1a6ffe538505 |
| SHA256 | fd08bf526bac744aedf59661fc9e3a3ef3ca4973faffa4e4fe20c008a84ee90c |
| SHA512 | 8d9d38daeacafcd34573ae72d16f4df81c2df169b324a99408bcd78f2597547bee330344f84225c5fffed619ea1ce4d45f013bd53e75fcf6f9cbbc2e1563f09b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 23c30224268baa0a849d110dfde88873 |
| SHA1 | 32674741953be5bdb362a259e8171451218af662 |
| SHA256 | f8c8c9068c9b3df83ead0bc1cb79c93a4b55e4da7fdefe9c7f487f16375085d4 |
| SHA512 | 9481b8d21dcac98ead258cc05d0ad7f2a1bccf07c4e450068fc4ddc1a3c7b77bc19a7a4bcf1f0262ac74abf07adc68c993f17082f26a7e53db821ad1cedea695 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\otijbhkb.default-release\activity-stream.discovery_stream.json
| MD5 | ea4b6dde5e28f07e155f981529a27d0c |
| SHA1 | e1ea2dbb66af976adc8de30282b835448631a623 |
| SHA256 | 0e2bec03d711a7e9ae70209faebbbf09eb96de1ea562a4ca39dcb2201e73ff29 |
| SHA512 | 33753fdf631f5aaf4abf25193ac4110371967342899d354d403e6407108c1080c11a57d9d101898c1d9ca2458cb3cabb532c02019909ad6853dcac342358fba6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 332da64b6f83ae512af0c17c24be0b56 |
| SHA1 | 525d3ae2ede178718ed8f109485e25c951981740 |
| SHA256 | 1ed3528a754750d3c536fe4ccf4df4e944b0e1fdef9293e551c512ec47887c15 |
| SHA512 | f27d54904e9919fa5fa5f3bfe998451e31c82f2b6e9dfffc52c743035db691a18a9316db04ec41be83ae733dd84a59d381a7c199e439e0065126a678045fe03a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\prefs.js
| MD5 | 4f279163a868ab52324c67fe80a7c291 |
| SHA1 | 2259a96714a2583ac91520df5b5bf33785f44558 |
| SHA256 | 7f330b52e16a4a604b84de470ce5e71d237be8db0658551f444864ab6c112378 |
| SHA512 | ff7a265bc83584276772b8bf85e86c76ded8024b09bb58bc3706b3527b5be087e355858eef7e5c1f4a5393d992c2ff6558e0d9405350162d6f9100316b49b61d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 4bad7175e17001a6c96803360e2c85bd |
| SHA1 | 62bbf4cfed52006344f43f90a01b67189777a009 |
| SHA256 | 7776668ebce75bbd758d2465c656fc98d1f2f73c314f9f997c2f3f56f7467cae |
| SHA512 | a34eaac6b0344b215eca576e06fb752f558bcc1f3932d706593af86643d8619c75117bda9d0a36e5c5fe43bf4557d62cca14a8ca38cdcf93335c4ad0c1a5c77d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\AlternateServices.bin
| MD5 | fb4666b4fe3827e43ce47c8fa617b825 |
| SHA1 | c691c54ec67d7a6b5942926a166f9b5fc84a026c |
| SHA256 | 9e921af6980bd1e018ed2e3c412f720f48dcc75b78a716bd7e9ca24c06b1e726 |
| SHA512 | 54da4a90659c4ad52c762446f28cc1fff33caa72d52f615b088bfb597a9e322a7d53179d4aefe0c37586006011a30b61a19f5dbddcae63b00b8a708bcfe3c814 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 41c436558af1c18df619c999e3ccabc8 |
| SHA1 | 86786c462e8c142054ca17573884a6141b5f9d41 |
| SHA256 | 8223e9bad8559401edab68658ca906d9cc8cefa9e2cd1eb96d62f5bf93781450 |
| SHA512 | efdbe2fd6a8302ff53449b018862cf577f4f0b6346c5e6236b6607f5f2bf7914283d7d71a0203f1c795a1195c06bed318a48bedfa85c739f41aa02cd5ba4a39a |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\AlternateServices.bin
| MD5 | cfe59ef8a0dc25c2d764fdbe7969e458 |
| SHA1 | 62980ac83b88f51f7c4874fae0a20dac02dce4b7 |
| SHA256 | 91ddc925d7e93ed682f8fce69563dc46e8e4262f0fb7dc131ef3ac86240f3ebd |
| SHA512 | 708c3635ec3fb6672443dcc90a9ba147051c83fc8727697da1204fb34f23981c1df53ed202b98f7b8d2201ab729dbcd9d8d1d9626a62ff42483c49a17173d472 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\prefs-1.js
| MD5 | c856f8ba04cb3e108c25c09c0dc63346 |
| SHA1 | 2ac22b87471103d69bf4f50576f7b90f0d5ae93b |
| SHA256 | 7e24087fba2e820de170052cd4cddd5c35348009a3334dfaff4f2995b59e32f3 |
| SHA512 | 00da7895dcca0bd50c997f8b7385d2487552163b1ab39d40a7dc87bf159a45a6d8651943f1f20ad2ccf56e9b9dd923c86f9759b8c415b389c559c12e8cdf4f48 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 7c4ae585335cd66340e83177b132fc9d |
| SHA1 | b57d8c176a61be755b653bdb95fa7825eec9a62f |
| SHA256 | 216c87854f7edf1247785b941d49caf49c09e7df63762a78af945977011dc0de |
| SHA512 | 00aa2d596f80837751cd0b12b0202950a161ee7a5e68276529669f8650d0e34eb719ad2f26b64d93f71494cd504626a1ee735cbaa2453e1f0f32fc86c0f1762c |