9994b9e197b422529221de7238dc0e44ae21e66d78c48355f31837c3696ec90e

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2024 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
Size

898KB
MD5

5265dcde5ea6a27a3475c937b5398279
SHA1

b21450b5d007f5ad99ce2d4778bb03927cbc17c4
SHA256

56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540
SHA512

eb6aaae24da6df7e04d11bbe876fcbfa20e5f8d82b5ff7d68396e2b0537a7950c88337cdccbf3e6c76d71ffbd58388df3fc52fe737c7960eecb9f0b09d54967b
SSDEEP

12288:pqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/Tf:pqDEvCTbMWu7rQYlBQcBiT6rprG8abf

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
712	taskkill.exe
2244	taskkill.exe
1008	taskkill.exe
1152	taskkill.exe
4688	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	4688	taskkill.exe
Token: SeDebugPrivilege	712	taskkill.exe
Token: SeDebugPrivilege	2244	taskkill.exe
Token: SeDebugPrivilege	1008	taskkill.exe
Token: SeDebugPrivilege	1152	taskkill.exe
Token: SeDebugPrivilege	4840	firefox.exe
Token: SeDebugPrivilege	4840	firefox.exe
Token: SeDebugPrivilege	4840	firefox.exe
Token: SeDebugPrivilege	4840	firefox.exe
Token: SeDebugPrivilege	4840	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
4840	firefox.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4840	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3652 wrote to memory of 4688	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	84
PID 3652 wrote to memory of 4688	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	84
PID 3652 wrote to memory of 4688	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	84
PID 3652 wrote to memory of 712	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	88
PID 3652 wrote to memory of 712	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	88
PID 3652 wrote to memory of 712	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	88
PID 3652 wrote to memory of 2244	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	90
PID 3652 wrote to memory of 2244	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	90
PID 3652 wrote to memory of 2244	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	90
PID 3652 wrote to memory of 1008	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	92
PID 3652 wrote to memory of 1008	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	92
PID 3652 wrote to memory of 1008	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	92
PID 3652 wrote to memory of 1152	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	94
PID 3652 wrote to memory of 1152	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	94
PID 3652 wrote to memory of 1152	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	94
PID 3652 wrote to memory of 5112	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	96
PID 3652 wrote to memory of 5112	3652	56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe	96
PID 5112 wrote to memory of 4840	5112	firefox.exe	97
PID 5112 wrote to memory of 4840	5112	firefox.exe	97
PID 5112 wrote to memory of 4840	5112	firefox.exe	97
PID 5112 wrote to memory of 4840	5112	firefox.exe	97
PID 5112 wrote to memory of 4840	5112	firefox.exe	97
PID 5112 wrote to memory of 4840	5112	firefox.exe	97
PID 5112 wrote to memory of 4840	5112	firefox.exe	97
PID 5112 wrote to memory of 4840	5112	firefox.exe	97
PID 5112 wrote to memory of 4840	5112	firefox.exe	97
PID 5112 wrote to memory of 4840	5112	firefox.exe	97
PID 5112 wrote to memory of 4840	5112	firefox.exe	97
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98
PID 4840 wrote to memory of 4328	4840	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
"C:\Users\Admin\AppData\Local\Temp\56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3652
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4688
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:712
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2244
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1008
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1152
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4840
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d3eaad-b838-4ab0-9d87-9782a3c52a79} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" gpu
      4⤵
      PID:4328
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f813176-e9ab-4695-9d2f-c3d326befabf} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" socket
      4⤵
      PID:3028
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2996 -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 3036 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d9f14a0-0287-4451-b474-ff5875c3e63b} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" tab
      4⤵
      PID:5036
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3928 -childID 2 -isForBrowser -prefsHandle 3940 -prefMapHandle 3936 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {380cbe2d-ab7e-41da-968b-ba007a2a1964} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" tab
      4⤵
      PID:4552
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4832 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4796 -prefMapHandle 1668 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba566cce-c099-4c99-88ca-2a3cc9124172} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" utility
      4⤵
      Checks processor information in registry
      PID:2884
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5216 -childID 3 -isForBrowser -prefsHandle 5208 -prefMapHandle 4252 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e27da9a7-622a-484d-9b02-a020e54bc789} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" tab
      4⤵
      PID:464
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -childID 4 -isForBrowser -prefsHandle 5356 -prefMapHandle 5360 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e130799-a659-4d4a-8e86-83d184d41191} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" tab
      4⤵
      PID:2260
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5560 -childID 5 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3462b451-9326-40ac-b0f5-2af1ceaf6b7e} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" tab
      4⤵
      PID:852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
c21a3d3025f001877da3cd58a1a6ff92

SHA1
3db21d40d3bc321b5efc21d0f9483fd3c0a9942d

SHA256
0d5810b458033eda98f2a08ea96500f637b8e86c4b63bf0bb192d1bea0c3f620

SHA512
640633eb868fbe1c48662939a34cf39a8193bb7d14597a8e71d4f689bbfac03b5d2a50ddd47008baccc5d161154210c74bf64f2a90fa95cf01d46aa11c1ef669

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\6653BC7BE242C21AA1988A4A42D1DEDA18231C31

Filesize
13KB

MD5
56485b3b8b784ce0d7aced6093195875

SHA1
ab04828a4b87c907802e02f21a2e639071a177bd

SHA256
2afefe56e669fd0ae49526426e09d3383293fb2acefa6311d60333932931cade

SHA512
3e8f9d667fd207ccef3b8bfb0504558204994f232f696056d95577b8d2dfb4c5d8c05a600e2cc4dc312840fa77946da4fd2e7e7180d2b29ce4618dbeab276bf9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
6KB

MD5
63aa51c15d80e8b23177e7d701314f7b

SHA1
bcc8dd01d5939013716e9461511535124438fee7

SHA256
33c7bf08a41f50a8a5e696e5aec60884eeec9a65014fe359bc1ff6d831abe399

SHA512
dfe5a3bf32463fb99766c74a0003dd38913cf46634c76ff8bea49603e28b21f3d4cd474e81ff3017ef7021e2be02b8e5944ad29ed9fc6d782c617c31ccd922a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
8KB

MD5
204b83c4dbcc48bf2317d9482e35d028

SHA1
2979157af15932d717c27653ee440ae0a2b2aac1

SHA256
fb1edae95cd760a3aa4060329e7520161b7e7cb4c33dde0e16ca5fcf9b316144

SHA512
e123e562ef6d561991f036a8a4c2788e7e8fe3a533ec384d55fde5c191b1541469364111147f682b22a364ee435f07562c62d173064d9d588843035d8fc983da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
18KB

MD5
e513aacbcb420f62c5d1dfb410408a86

SHA1
eda487dc6774d274023b86bacbf780ca2d25b899

SHA256
decf1df8d1811ea63a26ae45c5edeef95a15a5a841d52ea114bd775ac4c81ba0

SHA512
ca8a00d91e596d32e4b4501e241bd9c33d5e5938e7eff0b77a79d87359358d7dd17936ab381a1f0fac416a1e5820e49c0dc886d8dcc95814bb10d8fa350db5fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
12KB

MD5
df8dd891d718cf111f68d603b9722c64

SHA1
54f8734669f9e0c6e9543ac6a3bcf18025050b72

SHA256
19612f83916f7436142978efd14a1eb326cbb362517244721b198c098e8454cb

SHA512
3143c763d5aae0e0383449a608a9bdaca590d700cc49d069ee431d0f3fa69d921dfea3678ed6d7b56b1109b28f66e89b5f0e0c39b1dc3f0253e129c024f20d0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
255d8cb15669495bcab283fd077bf732

SHA1
1a825b0e148b9e53b587bf8d9074dfa79ea91dbc

SHA256
5de918fcd3f7623c32987e99df04bcb4bdac0ef2b7ef0d12636f61c089248a4b

SHA512
f02e3848b5b6be9eb85a133e57277754f8dc7bd45010cfb398eeb3fd4bcf5536edd7347cade913a3b11c7ead7494161c77f7c3d13fc3b16725c1681fd3b49530

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c046a26db7fd5dbfea888ec88bf71fa8

SHA1
d3ba6b53b6cd648d2375b96fd0420539f307e0b6

SHA256
10355f41c6f43cad625546bbabc67886fb76a3d7b27bdeef9a67cced512b7c66

SHA512
652d1f0940b923a73ba8699a32e6205d6b1847b0beba1a2f3928c657acc65a847aff8a4cd25ea5c607963e7e6fbb69febba92ebd8f559473c83e366f55c7d707

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1a939a572338d3582312d007915586a5

SHA1
ba8cea72907fff6e7fb47efde525dcee3b747d96

SHA256
dda8c120b5f984dd52c956aa4565863dcc7b8529b7a9acc9ed341a8e7c82ecb5

SHA512
8031355aa4c3553ee0dce17abaa63bc2c7d5676429985d20e134ba43c7ad89a908e39def0877eee12a1f28828027a649730deec0d0dca5a9f3319000b05f79ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
37b48a23bb3307e5ae41cb6f01b7d0e2

SHA1
cb66d3a0f9518a5288442e53c71460b894a3408c

SHA256
d54ddaaf7e55e6c15a741da891dff6cd4158609199df2c614685dc771e6810db

SHA512
37e24cd11f2fdecddc338278bc0e7a934dc05b284fb7a5f4af0dbc733312cd97de9f51a2520fc7078c854166559453469df7bb06cad3907a4b56c2d12c957fba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
06907c75fd912b33047ded5ce2812285

SHA1
227e4573d89a572fe0bb773a30b3dda06d456df2

SHA256
1aa13ede9bbd97f1761d1271367e9e9c43e307950669ae9ce2f05b93c9dccbf9

SHA512
5b95af536fbc983b6fec368fe41de36807fd4cf98f36c40ad201fe97b71a3c8f4414acc34eab477b810c60620e7eec4240f476f1b238d1350ae02e14302b251d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
16f94a65c939870a0f0595a7904ad683

SHA1
04addac8d195ba0ad43f9b13acce0f5eea3dc2db

SHA256
2770e6c9329935572cb9246102b8dee3d91ecd742adff5b1709ba49dadb8770e

SHA512
cd7bebfb7dae3f85b8359146272ca35f1a33a70c5bf31489edf0aa693ceed21a311ac2b232ee4738bac881a44a691864ab8dcb65734b1d13f043cad100c0ac66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
348b7bd4581385609c2cd9d44b803d23

SHA1
b7ed99cd8e94aed90c7b10954ddf1a878fd061b8

SHA256
6cf6fb7f779a6aa7e75a5540ba8dd92014a08bdbbff0ed37689f90322e1b9907

SHA512
f1c71a3fa3e04fe1e79bb754ef4d9ec784088d5c741f1a746619b0e477766bfadb564f235c852abe8e5f1378267bffcb1391f73bb4f0779378d55df0b2f3d47a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\4e0d32a1-09fc-402a-9796-698a05139a1c

Filesize
26KB

MD5
82f2ca8be945128e65515b744012d2e3

SHA1
2ec2be8e45410dea063a836fc0b209a86a205b43

SHA256
ad8921a9a638223832b4063d547b6d576236bfdf22dc4073977c1b791799587e

SHA512
efce8581eb13d08e72bf95079616a2fc5911c248ce943cbda6efd82090a83482917fec0c2f68718e7a13107aa2d27d87a1e9a794bd5b5567f9be7cef930d53bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\b216efd6-5f35-47b3-a043-ba8cb7339681

Filesize
671B

MD5
be68e756f66bb82624f0f15e6bca12c0

SHA1
b7e6a22505bad4bd2e0f1b647615b17c74a3ec4e

SHA256
51d07d6a1aeb9fa10df35004a8ce539f2d0d822c757d6656bb33892965ac60d9

SHA512
b0919ab2a827d5254652e01fa212f76d1797ce675f78100dea2aa1658a2a1e6967641e25fcbcd056d87c5bb093734b8c67cb8ede6a18a57fd6f069b2ae87ae07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\e3b4b36c-408e-4a8f-85f7-fb7d8a0927f6

Filesize
982B

MD5
125abe75dbf83dc18f78f6810128b165

SHA1
043a913cf1793ecc9c6f4c0f1e2146b110d48878

SHA256
45d9456c83dbe592eeacfc48269e051ed947d7122c7624fb7e2e79db50c22e24

SHA512
e5698c1a8f8b3b4824d5353f5fa9f265ced245eba90a2a3686d2ff0c769be40a6218c27299e9a050fa8bb15e0a5dbceb3831b9f5a549cfa5124c158e4400a466

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
11KB

MD5
1f02d3b1cbf53be3d0c8653bc762e006

SHA1
8b46c4869d98582cc7c1d1b1e0f2ea40a73bda38

SHA256
b1ee061803ca599a8fc85102eea0ceb6a5379e80dce5ad0fdde6e68ecae19e0c

SHA512
57ab2a36ccbbdbf0d1106ab2782a30726d27b9be49622c50cd4672823e492ad8d8705b12c135c39d96969d5a6d76af88824e8d6a5505544c3470d67d1e433bed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
15KB

MD5
8898c65c1080a23943a122c534509127

SHA1
db5cc90c78034b8d8b30c3467719cae4076d99e2

SHA256
00ca726f3d59dd0dbba14dbb6e282d7f4987c98f8c46f78fdb3814590ca65b60

SHA512
efcabf36f953ba03cdb735808151c998dd429e05d6629ded1ed076d76687801bfdd6cda63cad144a361fffffb43184be56f4e760341414adcf0a2f186b7719f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
10KB

MD5
29c2c66067a76b512a04b4469393d1ee

SHA1
d4d3a7c2db83ba5fc75e1f68ab4dd50f51adcb69

SHA256
d937e06e62e484c3cd81f81f3027e68f42b262474a95bf6aa4a1e36da7561930

SHA512
fde646556a42f734a5cb0fbebbe6f1890931abbb819812c8182388d33bfff3df6bd554ea5e6f295119eacefbb32c5c5263ee776dafa3e3bf4bf556456fed38e5

Download Submit