9994b9e197b422529221de7238dc0e44ae21e66d78c48355f31837c3696ec90e

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2024 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
Size

898KB
MD5

c2647ed78c0ea89aef2c32aa4e0f7770
SHA1

9be41ba2467fc53a7eb5d34ed15bf11e392e89d0
SHA256

6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6
SHA512

959c8a7f5ad8387200736043649c814ebd5948a25f0878d6d6cbb18396762959d13878a7002c2303abdab5a0fb54381aa3318529568717aff6c784a721d6abdf
SSDEEP

12288:1qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/TH:1qDEvCTbMWu7rQYlBQcBiT6rprG8abH

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2624	taskkill.exe
3708	taskkill.exe
5092	taskkill.exe
5040	taskkill.exe
2168	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2168	taskkill.exe
Token: SeDebugPrivilege	2624	taskkill.exe
Token: SeDebugPrivilege	3708	taskkill.exe
Token: SeDebugPrivilege	5092	taskkill.exe
Token: SeDebugPrivilege	5040	taskkill.exe
Token: SeDebugPrivilege	3960	firefox.exe
Token: SeDebugPrivilege	3960	firefox.exe
Token: SeDebugPrivilege	3960	firefox.exe
Token: SeDebugPrivilege	3960	firefox.exe
Token: SeDebugPrivilege	3960	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
3960	firefox.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3960	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 2168	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	84
PID 4580 wrote to memory of 2168	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	84
PID 4580 wrote to memory of 2168	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	84
PID 4580 wrote to memory of 2624	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	87
PID 4580 wrote to memory of 2624	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	87
PID 4580 wrote to memory of 2624	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	87
PID 4580 wrote to memory of 3708	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	89
PID 4580 wrote to memory of 3708	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	89
PID 4580 wrote to memory of 3708	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	89
PID 4580 wrote to memory of 5092	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	91
PID 4580 wrote to memory of 5092	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	91
PID 4580 wrote to memory of 5092	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	91
PID 4580 wrote to memory of 5040	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	93
PID 4580 wrote to memory of 5040	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	93
PID 4580 wrote to memory of 5040	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	93
PID 4580 wrote to memory of 4084	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	95
PID 4580 wrote to memory of 4084	4580	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	95
PID 4084 wrote to memory of 3960	4084	firefox.exe	96
PID 4084 wrote to memory of 3960	4084	firefox.exe	96
PID 4084 wrote to memory of 3960	4084	firefox.exe	96
PID 4084 wrote to memory of 3960	4084	firefox.exe	96
PID 4084 wrote to memory of 3960	4084	firefox.exe	96
PID 4084 wrote to memory of 3960	4084	firefox.exe	96
PID 4084 wrote to memory of 3960	4084	firefox.exe	96
PID 4084 wrote to memory of 3960	4084	firefox.exe	96
PID 4084 wrote to memory of 3960	4084	firefox.exe	96
PID 4084 wrote to memory of 3960	4084	firefox.exe	96
PID 4084 wrote to memory of 3960	4084	firefox.exe	96
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97
PID 3960 wrote to memory of 3216	3960	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
"C:\Users\Admin\AppData\Local\Temp\6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2168
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2624
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3708
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5092
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5040
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3960
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f0dda58-04d0-4dca-a931-367e8fbf6f0f} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" gpu
      4⤵
      PID:3216
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7caa09d-e089-4688-a8f5-1d70cdcf9f1b} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" socket
      4⤵
      PID:1512
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3048 -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 3028 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d692a52d-8567-4ec8-be04-de81d16e3ab8} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" tab
      4⤵
      PID:372
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4024 -childID 2 -isForBrowser -prefsHandle 4036 -prefMapHandle 4032 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c79c1573-78a1-4b2e-9c7f-f212770681f6} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" tab
      4⤵
      PID:2020
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4792 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b120a89-b89e-4c3f-b4ba-39bcc5161a6f} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" utility
      4⤵
      Checks processor information in registry
      PID:3008
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5132 -childID 3 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47a63d8a-d405-423c-ac7c-fce0f6c99105} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" tab
      4⤵
      PID:1476
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5284 -childID 4 -isForBrowser -prefsHandle 5296 -prefMapHandle 5136 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc8ded1b-6e82-4570-ba1e-5a3af58e751a} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" tab
      4⤵
      PID:1692
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -childID 5 -isForBrowser -prefsHandle 5560 -prefMapHandle 5556 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12f0f4b4-8c33-4dcc-b0e7-8ebdc9caf137} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" tab
      4⤵
      PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
f6b12153a1e9e002f43a7dc0852825e6

SHA1
c7647f61d70d9f7df66a89cd32793983f21ce5d9

SHA256
ae12a0edc72bab4cc9a6e6584240b540cfe019a1024e609c56a27ad348e70e13

SHA512
3c31dc1e56fc6ecc6f61d753c182b5e8cfce4bd3231ad981af1c0b25d27fda3588bd5df7afce60bc1fabfc308c87027828f20309e498edc2bf521b3ceada5eaf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\6653BC7BE242C21AA1988A4A42D1DEDA18231C31

Filesize
13KB

MD5
bad29b995e8cba430eb73b2755405247

SHA1
d60dc121590618739ccf7bc404bdedf90b059173

SHA256
1caef8c8a0572c72dddda401491b5d84f76257934be78a4e66348cdacbd033b3

SHA512
03d7033eceecafdb66b9fcbaf9e455124c034ca01efb94f60672efd3f381751137308574cc3a5bf64db3b494eb8221adc4f76aa74ef9a487125102ab82101dec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
6KB

MD5
b21ac048532fea30d5e2ebc680a4fecf

SHA1
c1c4dfe912787969442dce369c4d339f495da03d

SHA256
0a50682d3bd2717e55d14a2d38f4d0ec5efbeb6e1618c0b3f4b105d9bb3c207f

SHA512
cbcaaeae5c60b4b3b4fffef33cdebec49bd1da9d23ff3cd4020c4efe4149eef7e1736da0fd21dc9df1b92106d18748897423b76343ceb697cf67c6b31d16abce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
8KB

MD5
d536df3421e1fa56823fb8f2019a095c

SHA1
e2d379fba063d3c2aaa4167beaf2c71da3aa9d43

SHA256
27df25736943e73169bb70e8f1a335f159aa203181524fd9e75cf02c6022ae9e

SHA512
9b45c941baba950ceacd55189cf07bd0cae2aece9f31d3b988fd654c2f49e87f40c871d62eb0b8f8fa591c227d476aeb592ccc71f63f7b57e4edfca39916bff1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
18KB

MD5
edaa9ae3ef7ed3dc654c1319597dcc3b

SHA1
b683b68f4d74b1948239f5eccc6341c2cab66b6b

SHA256
ad2a4b40d3fe00aea82ddcae66ec14eb2ed1595a170ae069654965df05517823

SHA512
20de09ee7dd12820d38817222ae34d2aa4a664cf471887641cc71a505ebabaa0c77da37f1d4c7334c32082a69088cdb53a6eb911258d6e9e991719097af4d15b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
12KB

MD5
73035d376af49409b9ca94ceadeb7851

SHA1
e8f7990016909a65c355d14e350f6c3a5d72f4c2

SHA256
2516b5ed1bdd8110c231ebfb52fdbb90c61202600cc22e42edd2a8605c84b971

SHA512
1ae173600ef5d170baef3d8c85c1247a08694819f7e325b60b6b2a5457acac38cbc576292990e160757fa9eb354de6e1546f7b4237f2f450a94eb5e6a8d86bff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
923cf40315612b875b55ffa0724263d9

SHA1
9c80c8a11424a988914b550fadf2da423d76d8a1

SHA256
8878c02661943e9de26dc59accb90fdfdebf85a55b395fa31c328420fc9c4ce3

SHA512
e303c9cb5f5227fe733dd6a5498991664990095547f648b24d39721d42a639021052af96b4a3ae1966fe8bdcdf2c9e10c39387d9d1b8e2d2290b6a20d70f1c26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
3c18b890729044fc8af1439a2cc31ea0

SHA1
6a101e9c8954d2b5ffde73444b7cfc56b2d0d1d6

SHA256
b7bca575f63d187413958410ab4439c3cf94d3edb5d0afb19b342882bafc1c5d

SHA512
f9a02221aee8d55d3711d7be9b46a8e320b21250c51c229edefb348bd797086929a18266ee44d9fa7b5fd3f354e1585e67bcba3dc40a728f51bd73ce12ca9a4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
030e675dc9a4a1f7c9f595db7167cb8a

SHA1
4eb2fdb81d83f211946ac34df09b70cb28b8dd99

SHA256
2f229406d16ddc1de3d9857146ce8c388acab92cb9125d3ec2d820b83ad4ab2e

SHA512
3b71ff8e4b7800a7371603c3eedc6f364d73d9da7a14aedece96e32305339dde0aee1cc3a49f0d823e31d2abe4047b49a284f5321849d6951feffc4817e19703

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
d1c77336dee9a2caeab88cb797632c5e

SHA1
819612fe96b5f1ab286ed01f4063097fdb78881b

SHA256
64c53270d4fdc055c658c7a8791878630d8864628224f8f41b3d7de3e5acd0e1

SHA512
2572329cc74dfb4c8ae37342896977f207a54337c59bbbb489c013606035bb20bd16f8dcd9d6e2f234c307f99b1a5c09b5ec7e86ed007e636298ea66a37b9ec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a366c6d87f591b50f6db0c97c207b49f

SHA1
bc3110b46eaa592f49faa1c42341948f0ef00d52

SHA256
15ee7744892813e4cd600380f8863846579456542a9ce79817214dc7224c7ede

SHA512
e1017e91a517402ff8f94ef519301a1c981203953204edf4dbc37c327ac1339158868cd0a363084ed69e90782e89e72e4e07c0e49f22545d13bf17deaba20b73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
ba5eb76dd6476ae4bae0e34276cccac8

SHA1
ef786852cde301bc1847b4e4d066cbc1c2a72e62

SHA256
35fda0b191638b4b12e53332702fddf983cd3ab4b74698655c46e8295fc61702

SHA512
53c704477468cf14af6d42bdf007865d6632bfd5df7eb396e1dcc32cef6c394b77238a94b0f13ac97cce2db64a034fa4a3cf49a9838aebdc22a85bdf5ae2a74d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\80c30c13-e76b-41bc-acfc-ab7a4550e8f4

Filesize
671B

MD5
4abf20ef180a7d016b31d7cccd3ee1a3

SHA1
98c6ac8047f77c587d0e7e1c2498c9d75ad5c64e

SHA256
217282ab8f8611dfad36e56af63c05a77a4f49039d565a51f387d8b8b8d1e8d3

SHA512
abb69b5d405e02118ba92a07ad580f611944f79b2343b34e736e0e9d301843d9f9a91fb12af22109cb2d80968efa2803796cec2cc74dd35f34f3703d1efcdabc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\aaa83f8e-e7c6-4fe4-82a4-fb78636e153b

Filesize
26KB

MD5
f32c3d458a1363d1753c7fd4d76b90bc

SHA1
2b36705b2fe96b52d3b0c5497ac328e080ef01b5

SHA256
d64ca4082e4e16accd862e9b91b8db6aa7268875ab8b4889c5cf0e54d185abd7

SHA512
92eb18910186262ab5947fbe9c3d7ff3e9b27a8d347a5dfd61f66c6ae6525bebef66eb5cd2582738a2460bdafaa6c6ea546b78bbd11e08dcd0e33c2bf6927aff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\e7a8f0da-0863-440d-87e9-29d843428394

Filesize
982B

MD5
0d88d723eb2dc22a55e6d64a023fa8e1

SHA1
bd0a44372f2978be2c84ced68d854cf77778c2af

SHA256
24548e731034ee7fb0f9e0fd21996edb8654799d22bd2c0f36271bad926619d8

SHA512
90d64fdc7d3163fca4f04714dbfb2bae717e419780e43e9030413d707fb5e64952517ec721bedafe9ccdb7e0b7ddddb4845c3ef58fd16e98c50f02c9db863ceb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
11KB

MD5
2a4f524112ab946443e114970067da37

SHA1
86ca916c22a9cb309cccc86e422a1a4e49f95f0a

SHA256
5c7a3f175d12486ad549774843acf5ac057e8ce2587d872891ec8737a93f05e0

SHA512
d12673732df8dd087db791fbd993c85c6c25687abaf9a22b36f9b25954f777c0376774d9c74c83cf5a1b6baab3f8f98efc510085ca37e03a69818fabf678101b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
15KB

MD5
ab8c2e54af27f37631d7e3dfd4ae33f7

SHA1
10c3ce7a04725a92ad32bf840dafdf8d10bc0b4e

SHA256
d93c5496cda204ef0f87609fa381d6480d2b30334fad470add9c6c24094d01b7

SHA512
f7fea527e2087d36c18196777f9a5c39aabda39d8860cb2372b5901a5f6c305500a4f93ae5ec2f1f206a923b9f8b4b39c86c3e2c899cf26925afd81db76379b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
11KB

MD5
510753c03d3b58e6a8db11e55b2d1da7

SHA1
f2beaf5b92cc0bc622bfe28ce727741af30db510

SHA256
4b055c2195296528054fd58885bef405a297c5d14f9a7e8bb31be1d9f657bc6f

SHA512
84a523b0df9185e9aa10548bbae375eae6a817c92abd0c730fe206784402588837ffefa1e83131f5a6b82189936690bbfa08c3d291d57481f69de0bb063892c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
10KB

MD5
71376e00a2b3cc82d0e10fe776dece22

SHA1
2cc6ec22fb5003f618cd30e9f0a90509929d6106

SHA256
92945142e77a8eeeea641156a69bb9d358dfd2e908b36eab147416dfd9dd1b09

SHA512
2059fdb1471514d523e4cb21a703ff67b50af30fae23218bdbd988d1cdc8de506bbaa9c58850d4e9fae47a9f96950a4c06856fdedf757becdb008a4bfa2c0034

Download Submit