9994b9e197b422529221de7238dc0e44ae21e66d78c48355f31837c3696ec90e

Analysis

max time kernel
126s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2024 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
Size

898KB
MD5

c2647ed78c0ea89aef2c32aa4e0f7770
SHA1

9be41ba2467fc53a7eb5d34ed15bf11e392e89d0
SHA256

6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6
SHA512

959c8a7f5ad8387200736043649c814ebd5948a25f0878d6d6cbb18396762959d13878a7002c2303abdab5a0fb54381aa3318529568717aff6c784a721d6abdf
SSDEEP

12288:1qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/TH:1qDEvCTbMWu7rQYlBQcBiT6rprG8abH

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2232	taskkill.exe
3676	taskkill.exe
4816	taskkill.exe
5036	taskkill.exe
4832	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2232	taskkill.exe
Token: SeDebugPrivilege	3676	taskkill.exe
Token: SeDebugPrivilege	4832	taskkill.exe
Token: SeDebugPrivilege	4816	taskkill.exe
Token: SeDebugPrivilege	5036	taskkill.exe
Token: SeDebugPrivilege	2848	firefox.exe
Token: SeDebugPrivilege	2848	firefox.exe
Token: SeDebugPrivilege	2848	firefox.exe
Token: SeDebugPrivilege	2848	firefox.exe
Token: SeDebugPrivilege	2848	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2848	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2232	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	82
PID 1612 wrote to memory of 2232	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	82
PID 1612 wrote to memory of 2232	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	82
PID 1612 wrote to memory of 3676	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	86
PID 1612 wrote to memory of 3676	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	86
PID 1612 wrote to memory of 3676	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	86
PID 1612 wrote to memory of 4832	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	88
PID 1612 wrote to memory of 4832	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	88
PID 1612 wrote to memory of 4832	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	88
PID 1612 wrote to memory of 4816	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	90
PID 1612 wrote to memory of 4816	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	90
PID 1612 wrote to memory of 4816	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	90
PID 1612 wrote to memory of 5036	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	92
PID 1612 wrote to memory of 5036	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	92
PID 1612 wrote to memory of 5036	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	92
PID 1612 wrote to memory of 2300	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	94
PID 1612 wrote to memory of 2300	1612	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	94
PID 2300 wrote to memory of 2848	2300	firefox.exe	95
PID 2300 wrote to memory of 2848	2300	firefox.exe	95
PID 2300 wrote to memory of 2848	2300	firefox.exe	95
PID 2300 wrote to memory of 2848	2300	firefox.exe	95
PID 2300 wrote to memory of 2848	2300	firefox.exe	95
PID 2300 wrote to memory of 2848	2300	firefox.exe	95
PID 2300 wrote to memory of 2848	2300	firefox.exe	95
PID 2300 wrote to memory of 2848	2300	firefox.exe	95
PID 2300 wrote to memory of 2848	2300	firefox.exe	95
PID 2300 wrote to memory of 2848	2300	firefox.exe	95
PID 2300 wrote to memory of 2848	2300	firefox.exe	95
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96
PID 2848 wrote to memory of 3216	2848	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
"C:\Users\Admin\AppData\Local\Temp\6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2232
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3676
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4832
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4816
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5036
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2848
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec957fba-1217-4c23-97e5-54a73a103d02} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" gpu
      4⤵
      PID:3216
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e6acf4e-347c-4de4-8c1c-ed5cc9c711d8} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" socket
      4⤵
      PID:4628
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2984 -childID 1 -isForBrowser -prefsHandle 3280 -prefMapHandle 3128 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23756316-2434-41f2-9edd-afd7589b98b2} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" tab
      4⤵
      PID:4892
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3460 -childID 2 -isForBrowser -prefsHandle 2580 -prefMapHandle 2564 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67f2c30e-6132-429b-9dd1-3707300aa8c9} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" tab
      4⤵
      PID:1872
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4808 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4800 -prefMapHandle 4796 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf4ed080-b8de-4219-9fad-74f18944b476} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" utility
      4⤵
      Checks processor information in registry
      PID:1088
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5336 -prefMapHandle 5328 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8abc217-de6e-4ce8-a567-3b041d72b200} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" tab
      4⤵
      PID:4552
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 4 -isForBrowser -prefsHandle 5480 -prefMapHandle 5484 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f26ab2f8-b403-441c-9fe9-8935f2b4ef52} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" tab
      4⤵
      PID:1384
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5360 -prefMapHandle 5328 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2d3fce9-836f-4fa8-af57-3dc0d28c55c7} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" tab
      4⤵
      PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
62389a9d934ed42677651a284f569d38

SHA1
bf8658358b58cae2a6871b4a41258583efa1b67b

SHA256
d4ab0d3b36e97116b280bfc7e20868ad7dc59c9c2722f47aa709bcd44fb145f6

SHA512
07bc32ee77dccf851c0a1e67b5db2a05b2444f86c531e82ef3b61febc5860de2b9cc8d6110c6d35d97335602bad728267b99f464a50b52282999fadbab29bec7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\cache2\entries\6653BC7BE242C21AA1988A4A42D1DEDA18231C31

Filesize
13KB

MD5
b8bffebf979c407329a15d4caeae6966

SHA1
89673cad36c5bfe2d558731a47b7693257c8ad5c

SHA256
a0152c867c1ace1ca62e07f4a9c27de258f04c3bc7464ad28bbb186c6d46faa0

SHA512
5540c8e1c8aa597f5dabfb2344112ea73a23a0970aa0b49ca7c06c512fe80abdd3d0618d659bfec3f1533514427fe9e646927958925a1d542a96c4f6b0a93d17

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
12KB

MD5
b89b04a929c043d040b0bc220f5fd0b8

SHA1
cb2b01eb2f33944c0175c3237833993d88abd109

SHA256
162bea51d45d910c7e8bdba0d7e331499895437ef903a4298c1652ae1ff4b372

SHA512
f4d70295e0c3283dadef307fab3186d17f8652999d8f1a0e9d3ecd15fc44b2d38f1a6a3cca822ec21080c1044dfc84c6634ab8430333cdecb7254674f013f377

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
72d40aad34a955e3c9e9c165a3072aa7

SHA1
20b5cf10289f617ab0867e450bd87ff83b359114

SHA256
0c54d8fee85370ecd0dfc2f6a79708afee93933018ce094835d5518d656098af

SHA512
68e24faac3cc858008338b58c3566db9ffc01a8176943cbe5cbd25cd2f4f663a0ea6457950ffa86b6e65dba4a5f98cc295278819c6c177d42cd41101752b858c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
893e8cf274ab2509be65d15016af1f9d

SHA1
7ab4af3545a38f60ececf59879bec4f53402489e

SHA256
1648457ce2b77a797b4485b0698d87c0c0af09d5c144e15c4ca665a37f495587

SHA512
d21c838fa46b2b1580bc902d19fbaf6c66bb755a27cde65cbcc833182e574e80c77a50edcf080ad5d1468bc9aacd586b20cff36cb96fe955d5f8faceca122c8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
c71add3582b01bdedfdfb21918d25ee1

SHA1
7845a492f157f73a74e25cc8d7e65639a74d9273

SHA256
8cde30fb47d6255294721c558e88ee209bfe1885fb6bddfc171e379155402664

SHA512
1e52ca10058e1f18bbdd9bf0da5c7f4849602d6e426ac028fc7512713b31d7a5a4e7030a3b6fa495178df7bf8935259dbd0fc39f7f156d06f5c6143a8ddf8541

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
841d3063098d4c3157dcff33d525c637

SHA1
eda1bb282d962f254324a0456e1c038ac7fb2d49

SHA256
dd67a29da5b5ad3797278bb72c17001195da9ecc2ce2c54eeb2f76c0c8176c3f

SHA512
4d2d2e7df69f87ed5d6405d9bcb79a059543c4ab863e4e815066c42628c7473057d6f9373ea621446c28233eb936c9ed72a9989ede8ff82635968d50285aae06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
2c65b61b04e403bbda826848e0e8924c

SHA1
8efbeeaa2c72b21690cef21c421822983e1193c7

SHA256
c45b32e5988298759679ec6a90f1038111578e2b295c270d876b985bbbbcbd12

SHA512
eebba313a8ecadc753503ab7359da965cf965ca6938e0630aadabe1b55170a3feb36a6936a9b9493266ce786d630224deb2bb9af68439e6b7c4422fd7d9ce003

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\01f4d5a6-101a-4327-912b-ed873c5106b8

Filesize
671B

MD5
34d40eeb8808fb4bbd28424864d2a3bf

SHA1
064326a09ace69d66fa8b48da984933aa86a7bde

SHA256
20ca7dc8755475fd7fec5a292317aef4fac9ecf7b5dfbcbd793cf4c25c9dd606

SHA512
8786de4126ac613e6602944cf1c1c5772f3c41b5792a57e71d411db502276fcf70d4bc3223039c9a8a09b19b57faa500024124ee74313e246053dbf61023cd3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\68d13351-acec-45d8-97be-ecb9e302dfa8

Filesize
982B

MD5
c3df5131ecb58005e98a9947b45d338a

SHA1
61c90e38f10af7932f9dfcad69859fd6620673c5

SHA256
a7dc0f390b8610de81b4533f691fbfb9c689a4408551e9a815e8a71b69758c33

SHA512
00d7651a662379c910304016c0744052c2068a1f357a315d978c1b805646cbfe504804888576097cb7a0f4961a58cc2480ef41e40709bf887bf41720c7b03819

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\9f8aa3f9-382a-4569-b6fa-84ee70695322

Filesize
27KB

MD5
e10c24cfb8e2599b7afa117e66790c35

SHA1
7fcae1be3109d59ba5c1ab73b70957372bdb0d75

SHA256
a620a2afb3427a84e70515abea3ba413a2c91066ac0a7d872db864c3b61b3dd0

SHA512
ccca04a22ada6b6f25e374763e09679541ffee27f23da11d4f08e2864d8aff2101de07d5eef40958958895c1f4b219f9a31420eeee65503f3e47c920570dbd59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

Filesize
11KB

MD5
d4ec314c3c09faa202c394590e7aa608

SHA1
fb49c209c43e40348b7a613fada9acc182d71532

SHA256
0ba82c1a5512d92b6a48f26b5ac78c1e0379a29ab40f9b9c0aff867f0f5b4e3c

SHA512
750592a397b0cc99254348fbfab606c9fe96ade51f101acdcf6868ea42e087bbf9024b304342d6f5de6df784402e6895c49fd3f6ae6488756a3496837576c596

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

Filesize
15KB

MD5
b2c20869f31d9cd7894a411b29b8b134

SHA1
5fb9d662e9a7c83a78017b388b22d7c82f077ca8

SHA256
edd873190a9615370420a94cbca2e7c154cc9aa72a4c2f75b100d2eddcd13735

SHA512
576bcb9c72b96de00ebd1ff570c8d57aab473a1788570b3a269d41f01de4ff26936e31e245b6700e4040a970fbf6a050e6eca2186d03ec19a2ac5e1b5e4d9f88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs.js

Filesize
11KB

MD5
405245768127ef9076d61baad52b9015

SHA1
002d1d9d16d1e189e9564b8ad71785cfc6f306dc

SHA256
a0eef16c5efcf32b1bfb7671d5f556c6747e684e2de598c8416623d79e2d520a

SHA512
979f08a4675c9506a994652970f7284f56e774ee1f2e3872008b8fe492dc5222829e95682d77a46c1761492c8976df6abb537bc0db98c95b511db67971ea41d4

Download Submit