9994b9e197b422529221de7238dc0e44ae21e66d78c48355f31837c3696ec90e

Analysis

max time kernel
147s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2024 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
Size

898KB
MD5

5265dcde5ea6a27a3475c937b5398279
SHA1

b21450b5d007f5ad99ce2d4778bb03927cbc17c4
SHA256

56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540
SHA512

eb6aaae24da6df7e04d11bbe876fcbfa20e5f8d82b5ff7d68396e2b0537a7950c88337cdccbf3e6c76d71ffbd58388df3fc52fe737c7960eecb9f0b09d54967b
SSDEEP

12288:pqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/Tf:pqDEvCTbMWu7rQYlBQcBiT6rprG8abf

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2816	taskkill.exe
3956	taskkill.exe
5016	taskkill.exe
4648	taskkill.exe
3148	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3956	taskkill.exe
Token: SeDebugPrivilege	5016	taskkill.exe
Token: SeDebugPrivilege	4648	taskkill.exe
Token: SeDebugPrivilege	3148	taskkill.exe
Token: SeDebugPrivilege	2816	taskkill.exe
Token: SeDebugPrivilege	3104	firefox.exe
Token: SeDebugPrivilege	3104	firefox.exe
Token: SeDebugPrivilege	3104	firefox.exe
Token: SeDebugPrivilege	3104	firefox.exe
Token: SeDebugPrivilege	3104	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
3104	firefox.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3104	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 3956	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	82
PID 2132 wrote to memory of 3956	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	82
PID 2132 wrote to memory of 3956	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	82
PID 2132 wrote to memory of 5016	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	86
PID 2132 wrote to memory of 5016	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	86
PID 2132 wrote to memory of 5016	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	86
PID 2132 wrote to memory of 4648	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	88
PID 2132 wrote to memory of 4648	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	88
PID 2132 wrote to memory of 4648	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	88
PID 2132 wrote to memory of 3148	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	90
PID 2132 wrote to memory of 3148	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	90
PID 2132 wrote to memory of 3148	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	90
PID 2132 wrote to memory of 2816	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	92
PID 2132 wrote to memory of 2816	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	92
PID 2132 wrote to memory of 2816	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	92
PID 2132 wrote to memory of 944	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	94
PID 2132 wrote to memory of 944	2132	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	94
PID 944 wrote to memory of 3104	944	firefox.exe	95
PID 944 wrote to memory of 3104	944	firefox.exe	95
PID 944 wrote to memory of 3104	944	firefox.exe	95
PID 944 wrote to memory of 3104	944	firefox.exe	95
PID 944 wrote to memory of 3104	944	firefox.exe	95
PID 944 wrote to memory of 3104	944	firefox.exe	95
PID 944 wrote to memory of 3104	944	firefox.exe	95
PID 944 wrote to memory of 3104	944	firefox.exe	95
PID 944 wrote to memory of 3104	944	firefox.exe	95
PID 944 wrote to memory of 3104	944	firefox.exe	95
PID 944 wrote to memory of 3104	944	firefox.exe	95
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96
PID 3104 wrote to memory of 3428	3104	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
"C:\Users\Admin\AppData\Local\Temp\56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3956
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5016
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4648
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3148
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2816
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3104
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69c2d07a-8939-4817-8cf6-21ffbca48c60} 3104 "\\.\pipe\gecko-crash-server-pipe.3104" gpu
      4⤵
      PID:3428
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b31a9ff-3b86-4572-ac91-5a85b74f97c9} 3104 "\\.\pipe\gecko-crash-server-pipe.3104" socket
      4⤵
      PID:1960
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3296 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35794f16-67b8-4cad-aa20-71c67a63107d} 3104 "\\.\pipe\gecko-crash-server-pipe.3104" tab
      4⤵
      PID:3468
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4080 -childID 2 -isForBrowser -prefsHandle 4052 -prefMapHandle 4044 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c621c0e-f1a7-45e9-850a-1a3c46d1d952} 3104 "\\.\pipe\gecko-crash-server-pipe.3104" tab
      4⤵
      PID:2044
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4960 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4764 -prefMapHandle 4872 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ab94fe5-94ba-4aff-bba9-1ea46c96fac5} 3104 "\\.\pipe\gecko-crash-server-pipe.3104" utility
      4⤵
      Checks processor information in registry
      PID:2716
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5280 -childID 3 -isForBrowser -prefsHandle 5292 -prefMapHandle 5260 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55e57ea4-a7d7-48b3-82dc-468318a2ac55} 3104 "\\.\pipe\gecko-crash-server-pipe.3104" tab
      4⤵
      PID:4348
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 4 -isForBrowser -prefsHandle 5436 -prefMapHandle 5444 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {703c92fa-e034-490d-ae31-a84f7675424c} 3104 "\\.\pipe\gecko-crash-server-pipe.3104" tab
      4⤵
      PID:1324
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 5 -isForBrowser -prefsHandle 5604 -prefMapHandle 5608 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f56530af-ddfa-42df-b02e-55d8699a25f1} 3104 "\\.\pipe\gecko-crash-server-pipe.3104" tab
      4⤵
      PID:1076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
8a7b9492d2cf3ec11f89b19803977abd

SHA1
361b2e687381f5787bbeca4429a4713626f8d416

SHA256
86565c1de1689411aa0760e8b82644da86112e02d1e07c8dcdab38e61c956977

SHA512
921f2f199b2bfd6f94b459848c0a6c52e4a4cb27b8e0efaf9746e811d473762025cccce3cbf8ea55ee2ba7f926a24af0329505d29d42793425666c8fc6f5cdbd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\cache2\entries\6653BC7BE242C21AA1988A4A42D1DEDA18231C31

Filesize
13KB

MD5
e48f9ac79b8925e82fa2e0c6857977b2

SHA1
e3ba7013c47d070e9f7d395b6d027fc951a0861d

SHA256
385a949f261219311ccddf299e3f3aba80a56b1c005533274bdaac269d89dffc

SHA512
534a12d884f13167aa13dd1d6d05378f43cb20401cc4711f4bbb097bed7a73f54eecfcf0c10106def7033dcce2e579ed5395a03098e92633a16acb72a448585a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
6KB

MD5
33e6c890d614ea9cfb20fdcdd070f471

SHA1
3b092b4681ab42a99839dcef7e3d05edf909edef

SHA256
995787cc84fa1ce5ca5cf5314406f1d34fe42a6db98c8a4a9e441fa96a5201f4

SHA512
5eedfd3d5215a531a30c11a4072776b6c7ccf913a663368a21abcc67fa9788d1ceec8749feca97c44a8433af5366d9b8dc1266e696a9d6b3befc7516206d8b88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
10KB

MD5
7c6eb8b97549a5d0f00cbbbdff095cbd

SHA1
d3881d038d12fb7f07ec44e21602eba38aac9b27

SHA256
d5022326e97f9146aa1364ea0d7da23e8c0e39b5771d457b6ea9d1243173dc8d

SHA512
c1624a57b66e3d9115957ffd7f57c490a3db5f39bce51e4269f95135575ec4ceaddbf3b6a44e83f5fe2924820b2165e28db6a3935ee57b51324cbadbdad555a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0abeb5fa7fddec3649ecf7e120319d8e

SHA1
341ba2f867b14832c94a1940cd7fb8fbe9c10e7d

SHA256
663756a455c2e2654e054508051490448e4d70b6b834f3c32641385e2c3e47c4

SHA512
2bd3a68fda2cf1213d94f4b1e169c52ad920cfd2ba4dee7bdf164ec17bfd9ce21d4fe20c12771045ceb21680904caaec290fbf4917b067fd39ca689bc14b7cbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
cf9d977b1ba2f25d961f05b6b77e89c5

SHA1
e4aa6814521c5aa431332e4d478aace8667c8196

SHA256
91a750d43db465c121d4167cd5a7799c48ff205cbe96721a84a4c390448deba6

SHA512
f8d6ab3690308445c5f3cfb00e94910678b9404e138d8bb2b048dea3785fb3454788b7f7c10e61bc054ce647deb9b9f07642b9859b92d796097bf4af590c41ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
8ee1be4ee97f733eadeb5f6fb3c6c3e5

SHA1
adbb5cc73d0271809a51386cfc3c99c342bed13f

SHA256
239c81b27e0f9204dc63ef56ad02370600187d60a549fe94ba0fc868122e3809

SHA512
92257dff04fa95b0dba0eb8d6b5c15e633e0938ed4c44e09f0f4a3e081b9108f236532efb985a3de3c9b24d4241de85af42d2dda7c76680900cf107fc6064c99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
1c77363dcdf7913cb0b30627163b8f45

SHA1
2fabd6f05794a974fc655f97d1da1a49684b272a

SHA256
57fa3fe44a750c2cd3beb6a64a7525d88bfa8a680024c9713825385cc241a982

SHA512
62a4e4f9c5f7e12b6b11c7dce63ae1fbd92a20f7f81b80bca1b50b8a522ce0947fae76cd3c67f9b99071f7d2e109fa55176394bdf0013a5e30e4d2193e4194c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\98560270-3016-4b78-a074-52453dc6fa9b

Filesize
671B

MD5
2b9360acd6ddf099f0453d36869cfc43

SHA1
c9771816dcac912103b3b8e10387fc264391e994

SHA256
e005183eaeb04af763980c93f82f30bd0dd92f3fed44cb7562d99048ff74ce8a

SHA512
93a268f9b4ed23a33205e6884009e808bf221c2f3b1f517e49e7a067ca0b90d60b81077f13a53b504516c9d7ca96d9b8bd973b3b8e1970a95d706d3e52e1bcac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\d4950d00-2b38-4265-962f-6dc0962c4772

Filesize
982B

MD5
75d4609af18a301ca9759460c26990d5

SHA1
6ec578252d33ff85eba4215d9f7dcc5dfc52ef95

SHA256
2c798976bb751b131ea1b3f589e6a250f9e096b912159c7da884e747aacc71c4

SHA512
636f5d19da56bdc7c274c21e21524fd9ec54574c411a1a3a9ada137ce5f127e0f2c6cb13436f138a8e116e7aa0e87293707aca3ae2f0f5543015b360fd3ce049

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\e35faf11-9156-4ac6-a317-2f7da4d59da0

Filesize
26KB

MD5
8754c19f1f7844afcb660c98339e5e71

SHA1
4d9f07db2549be5eb03c87aa8f4cd146fb365641

SHA256
9dadce38b659f02d430b59b42f6ca58af1943c61f21a047667183cdb806f1a96

SHA512
70d23fe70c8a21319fa099add1b4fe4b4bce2cbb6f13af093d427c67bb5b9590c5328510a82f192d9d514ef0197b61cc1fcad8e9b51ffeb53fb5a9af596c5e6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
11KB

MD5
6598bd75522387f659c209f0df0066be

SHA1
fa661936b94746ba74a67b5fd631afb93260c4be

SHA256
f1d3e4f1496d5ac49abdbe186ce487983bd72df9b2fc3a8b8e4f92e76c4df7ca

SHA512
3f598c2e9bbfbed89a759681642ebe480c3a6403a493ec99e38e51676558c2f9fed46567658df9f8613e99be825e91196b7c45e9b5fd10da01084a53b9ee4241

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
15KB

MD5
b50dbc6e127511dde66597e5e574f657

SHA1
cb52eef54fad096f0a8c3cdb857ac1c8c848fb4a

SHA256
8a27de28993a51acf0c042521b53137f88572f550f7ff866e5108f22d0159b4b

SHA512
b2e8d944b940ac07f5c8155797eef2e13e9c0dd33e1849ac3ea10c039879d0dba26191a1fff7142ce37d06de114e813734829b6e94238944c48fd07fd2a00701

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs.js

Filesize
10KB

MD5
274c46b0ce854c18b8459aef608b3558

SHA1
0c1f45786c7281e3404e4353e003ed2e7804dd27

SHA256
5613662701fa99edf56df8720191dcc7af918bf2736611ffab4fa4de54b85f4b

SHA512
340131294ed2cdd4db96513f7c210a8b1b154c98ebfbd3038182f3e9bcd8544e6bba7742066d936220abebb6417579aada3c80253336732acf8c3e7a340b8b42

Download Submit