9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
220s
max time network
261s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (10).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
768	triage - Copy (10).exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	396	firefox.exe
Token: SeDebugPrivilege	396	firefox.exe
Token: SeDebugPrivilege	396	firefox.exe
Token: SeDebugPrivilege	396	firefox.exe
Token: SeDebugPrivilege	396	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
768	triage - Copy (10).exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
768	triage - Copy (10).exe
396	firefox.exe
396	firefox.exe
396	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 348 wrote to memory of 396	348	firefox.exe	99
PID 348 wrote to memory of 396	348	firefox.exe	99
PID 348 wrote to memory of 396	348	firefox.exe	99
PID 348 wrote to memory of 396	348	firefox.exe	99
PID 348 wrote to memory of 396	348	firefox.exe	99
PID 348 wrote to memory of 396	348	firefox.exe	99
PID 348 wrote to memory of 396	348	firefox.exe	99
PID 348 wrote to memory of 396	348	firefox.exe	99
PID 348 wrote to memory of 396	348	firefox.exe	99
PID 348 wrote to memory of 396	348	firefox.exe	99
PID 348 wrote to memory of 396	348	firefox.exe	99
PID 396 wrote to memory of 4584	396	firefox.exe	101
PID 396 wrote to memory of 4584	396	firefox.exe	101
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 4184	396	firefox.exe	102
PID 396 wrote to memory of 3096	396	firefox.exe	103
PID 396 wrote to memory of 3096	396	firefox.exe	103
PID 396 wrote to memory of 3096	396	firefox.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (10).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (10).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:348
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.0.1189338416\1748428352" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc9feb0f-0c96-4822-9039-4f3acd5c9fbf} 396 "\\.\pipe\gecko-crash-server-pipe.396" 1972 14c27003b58 gpu
    3⤵
    PID:4584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.1.830148746\731250521" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1710abd3-886b-4d7e-b031-d02edff6c625} 396 "\\.\pipe\gecko-crash-server-pipe.396" 2380 14c19572858 socket
    3⤵
    PID:4184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.2.855716420\1227213834" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3192 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3364daef-2277-49f2-a6bf-b850f405bfeb} 396 "\\.\pipe\gecko-crash-server-pipe.396" 3220 14c29ea7158 tab
    3⤵
    PID:3096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.3.1793243311\1956552461" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {841d5b3b-281c-42de-96e3-92d14fe2ae60} 396 "\\.\pipe\gecko-crash-server-pipe.396" 3572 14c28a1f158 tab
    3⤵
    PID:3648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.4.1193474116\569826055" -childID 3 -isForBrowser -prefsHandle 4556 -prefMapHandle 4552 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5259766-1ec8-4fb6-a485-05aec274ae50} 396 "\\.\pipe\gecko-crash-server-pipe.396" 4568 14c2baa2c58 tab
    3⤵
    PID:5180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.5.495762102\1930035455" -childID 4 -isForBrowser -prefsHandle 5200 -prefMapHandle 5196 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9e9976b-35e2-4c9e-83e3-c45add96fc19} 396 "\\.\pipe\gecko-crash-server-pipe.396" 5208 14c2bfefe58 tab
    3⤵
    PID:5664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.6.327862765\1240191522" -childID 5 -isForBrowser -prefsHandle 5348 -prefMapHandle 5352 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {060010fc-fba2-4840-86ad-d3504b5b8dae} 396 "\\.\pipe\gecko-crash-server-pipe.396" 5176 14c2c0e5c58 tab
    3⤵
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.7.1469865756\243900301" -childID 6 -isForBrowser -prefsHandle 5528 -prefMapHandle 5532 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a21247d6-8a92-49f0-ad0b-fdffdf709738} 396 "\\.\pipe\gecko-crash-server-pipe.396" 5520 14c2c799558 tab
    3⤵
    PID:5680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.8.1514288941\1700750981" -childID 7 -isForBrowser -prefsHandle 4796 -prefMapHandle 5752 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3bcfa0c-b8c3-4294-8e77-00e419f5d867} 396 "\\.\pipe\gecko-crash-server-pipe.396" 5216 14c2c71b258 tab
    3⤵
    PID:1172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.9.957160380\1117008022" -parentBuildID 20221007134813 -prefsHandle 2852 -prefMapHandle 3008 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {490115bc-5a76-40f9-b169-0f053fa81034} 396 "\\.\pipe\gecko-crash-server-pipe.396" 2992 14c29423b58 rdd
    3⤵
    PID:5644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.10.226348435\1390852954" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3240 -prefMapHandle 4792 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c7405b9-1879-4ca6-9245-b8036ee76b7c} 396 "\\.\pipe\gecko-crash-server-pipe.396" 5320 14c29425c58 utility
    3⤵
    PID:5788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.11.1858642324\603519192" -childID 8 -isForBrowser -prefsHandle 10176 -prefMapHandle 10180 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2cb1933-9de5-4345-bfb1-c07b21997f7c} 396 "\\.\pipe\gecko-crash-server-pipe.396" 10188 14c2b89f658 tab
    3⤵
    PID:5208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.12.261010468\1684565684" -childID 9 -isForBrowser -prefsHandle 10160 -prefMapHandle 10024 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baf97ca2-a60b-4df1-a7c9-0ff203e9f01e} 396 "\\.\pipe\gecko-crash-server-pipe.396" 9948 14c2d2b3458 tab
    3⤵
    PID:1968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.13.631749695\2065522051" -childID 10 -isForBrowser -prefsHandle 5332 -prefMapHandle 5344 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e721d49-15fb-4bc1-a1ba-043ea8b578c8} 396 "\\.\pipe\gecko-crash-server-pipe.396" 5496 14c2c79ce58 tab
    3⤵
    PID:1600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1412 --field-trial-handle=2272,i,17338911640954948469,1637568328132129119,262144 --variations-seed-version /prefetch:8
1⤵
PID:1620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\12201

Filesize
9KB

MD5
5181d7223f1607fb8650d53c3e161808

SHA1
3b807d54c8870f554b23bd6aff8734810f9f62b7

SHA256
ae08ba813a44550fe42197f922232ca56ea34d209464771cfa7c7f330d7b48cb

SHA512
030d83fdb84324de04972844ff6685bf74fee8fafd6cfd92437e3e90785548e35bb865b8735f3303d135f719ff430d4bd640817db7d22cdacefb99e18ec6c590

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\14342

Filesize
10KB

MD5
1a832d15f7212d12e5aae92675e9eade

SHA1
1493f6563d768c0e5bdc5bf590ea2cdf9163aa97

SHA256
d840a714c0a965f587c9bead535de11dd76eccf39dae4f16ac8a00933d68ed2f

SHA512
e62984f06f2661f95d08ddf89908593b764b5d6a7a0f01a0b903f681cf06f393ae7937d97840da04a03cdc50d821296bb0922a9ae1b8bf19073f7a8d2b282b12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\14871

Filesize
8KB

MD5
3cb2c4c9b0e15ec185d18c4770492384

SHA1
fb607c384d8a36c50085105b5dc18877b6833693

SHA256
ba40d3e91a7193831f7a4531284877627b76004d03c8f3b3f97eea123b006c2f

SHA512
7d9102f1db982014ad8a549bf930b4f043de95db2a70011db4bc4500a2966698951d1152ab68a64ac210837f160624829c59feab41b56fdc423d875da845a62d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\15280

Filesize
9KB

MD5
4bbf23af14a884284be5ca61e8bdb3a8

SHA1
b6b5539351788a4a6447aa361399f4bb1d886af5

SHA256
d8f2cdb44a5315f51736790171607e504be3e48f5aac09c88171c3e04c073fc8

SHA512
2ad7b49a463a9e2b03a8c1bcc3d0b95fb969084d4d179c54e71063522f788730c5ac52a3e2a1aa2c01170a1e7c806d5f5aeb64de46ae0bc59b781fd624b16b19

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\27755

Filesize
9KB

MD5
1f93d0a96d86d946e1a63e8d1bbca0a5

SHA1
0c87d741d8543dafe51a8f5cec16e28d69082dcb

SHA256
97a3b3f7b5d502cb0dfa7b297c8caa06dfc6b631a0611683622a85fedf9b05f3

SHA512
35a04b36f1df410496e6fc459bbc18a05e7e36b81ff903b0fdca849f32b77942e94eed69ecccd9ba11425d906765e1c8daaa2b53d2b2aa92bebd470f056d2e30

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\32154

Filesize
9KB

MD5
4a63b3e7662db2ecaae0f77b257d0cd2

SHA1
06f2a1f49c21551030524d63ee91ffc40225031a

SHA256
79e02d5f60a1e6869bba04d916f54e766d6a522c28c72884a566f9bd753664ad

SHA512
15aa3afd13ce95c3dc182b16cc3827097be5bb8eff4c0a405244dad36bca2a9f10c8df0b523123277b59df24267b06977c16bc98b66aa9b4a487663359a6968a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\32580

Filesize
9KB

MD5
6b3ed5d569d4efe2bdcc5513fbe19b08

SHA1
db1d99b1ff2f4e5818a34fe7c712087d6e78073b

SHA256
cd825ef082357e0c8f77b34c28dd855c95cc2f4e5530f2336fe837ee96a6d07a

SHA512
9402f59a031263c1430ea90b8ff87c517002d63d196d7fb6794546a283f04814cd4b7d8ed842fc80d6dbb0a8b1baf625169e4ee85c234008fc4a3f44bbf160e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\3584

Filesize
9KB

MD5
4cf858be3ae804d5151552186c61c295

SHA1
7669d4fe302a3847b84886f564efef0fdb428ebb

SHA256
61006193b240d95e6dc463e09cb8d1c9b0ad0ece3fbd7da646bb359af6c080e4

SHA512
121111fd239ebe0e624978018e8dcaaa441d1ba46159f74fda979e5ba132fed3048e5eae702bbe78856a914c01749d241369afa0625a73442a801e06bcf6538d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\5663

Filesize
9KB

MD5
0f39cb2644d71002142d5a2ce4e579f3

SHA1
aafb3ab538743df2721432051863ef88fd320460

SHA256
7da977f615db678c6090ecd9e6464798bad3d9c39c452999cc606e17921c2ac6

SHA512
8a0ff9925ce8478398a5c6bffb488db5d2fd3ac66bfc6bd4106116dc38f14c66bcb1e266557b02c4f514954ae523934261b32fb54adacd863923de28c96ce692

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\D82ED10047F78B4F750CAA390C240BAAC50F3BAE

Filesize
10KB

MD5
94b9a032acc16f714192de8c4291d1aa

SHA1
5e9435f98f55219f3bc2ca7b3562191d79f969c1

SHA256
4c9d977dc7b53a86f955eb106f655a0679a9430fcede3878ed0fc70ea87bcad0

SHA512
495014c76e2008dae91a4138fb45d1f9c90230253a832d816954ff1781896864ffa9243ddb0e22c894cca61a80dccde1d4ab75e8c5a95d1beb52ea2ab7a73a2a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
01b42ddd3ed905e91f3b8367d4c3696c

SHA1
c8b3c38ee10701fbffcf0b6c25d2d92cd35f16ee

SHA256
4187aea0563b8e9c2a4a07a081183b248413f69b98558a9cdefbe309e10d20ef

SHA512
f6a61483f65fbc3b8a8d7f8d519271e4c9a5c68eea394122fab488745ba737b3a5216841772c7539a26b6c45fd451fc27f43208b1102747b5bb1fd4a7f92e508

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
39be86dec801698b83677b4b86851b3a

SHA1
4dc55129d4e0956040075a1f39c97ece3428ab8e

SHA256
d23647046498d1230bebf89bc0f17c4f031c1c7a584cff707f822a59b8a49ad1

SHA512
0b6aa83b95c771d762d1b5eb850376ab2437dcf5c4621e52bbf3f7ab5f8ff9c8c79ae3e92678d421185bad05c1c596bcd23b11bb7187fd5a8a3694d2c86f37b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\datareporting\glean\pending_pings\3e8325a2-34af-4c26-944a-a5ec485a6dae

Filesize
734B

MD5
1e319eb99ce861741c256fc265097334

SHA1
ed6889a40e2ddff8a1e544dc700f9a67077f3d9d

SHA256
f6a54bee4119df3bf1fdbe9d7014dcdd5c04c6ec640a990b0e330cf9409e3518

SHA512
1d5b559252039295bc4aba1bdd4166104ccf8b59f43369a94dedf9e8e6e7f407c26fb0455e559dbf5eeef331b9261a3f31b22df19d8444ee9455134f8bb230ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\prefs-1.js

Filesize
7KB

MD5
49f636196de6f32023ff787cfff8828a

SHA1
aea49f1860cb31e09eb3656a22236cdb3b60fe2b

SHA256
7bf09917e6d9592a51fc73557702f475c367684b63c1ec406c4c0961185abea2

SHA512
6cae27b4388c5c0b3a58fea8d247830bc66f3cf14cd69d90f7a2dfc125ec50693d247a880b1535508b871ce082b71e254cb94a73b9578fc38eb27ed43779fe08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\prefs-1.js

Filesize
6KB

MD5
a6ae8710b5cef4ec92d089d1c93ee1c4

SHA1
b78f835d28632ba50ae7c154763356f31c141520

SHA256
075988c2307f09e141fc2248b8807d4f698b5c68ceb6b3a5458505b5bb84c0dc

SHA512
71a7362a967846e4c455d877ea2cdf9ec0f814a5fc7652ad84eef10ad984fd47e775b67f14beccbfde8a3c9955bc63e883589f693bd6e6a334bd019cd655e08f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\prefs.js

Filesize
6KB

MD5
b07b9838a57077ab43f758d52a44eef1

SHA1
819c2f32f207c88b4eeadcd3a4da990643fcad1d

SHA256
781712fbaca56cfab91b6eda0a43c30ac38545e768a0430df5b46874884b1958

SHA512
97341f93a699714cc9e2e8ab8697f21ae4062035d365c78bb8abe4f3b20d00acde5fed7c1e3eec3146141ff7dd2fa62ffadd9bfd838495a37e7e09a01496f13a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\prefs.js

Filesize
6KB

MD5
bdb96b377b0ae8bd0a5f8fa78c3640b7

SHA1
02bf0198897c86d92f97967837fd93c75434a820

SHA256
bd0e064e0f3f8b3e6de315d000cdb7bbb4a478542b51e514df5b2b02e721bc0c

SHA512
64142459a39baf2f13026e547cbeb74c7f1a100364e5e42493f0809237a475118b8414413ec4ad857edafc58b24900c793503fb0ea043a8f737c879c9ab3b554

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\prefs.js

Filesize
6KB

MD5
fb8bb6956696572400da07d556a13062

SHA1
63be70161bd1de46c1862096ebc78f3753282e0b

SHA256
f1847130a53d9977c3f556e37e44354f6cc2b7edb03ff8590c062072ac7d2264

SHA512
99e2445e56f809ccc8a6cdf0a28b9f83631b0986f02b735b2488368143142d34638ab27de53caef33f90867b36eb1aede0d7fc717d8bb7aa1c7ca7a36ffc7fc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
82fdc5541fdfa64684975c215c698337

SHA1
a7da1408c2e2da457f69fd4204b3a5250808320c

SHA256
01065816b7ffebeb074ec735f6d7d2c4721f3b7359d38466b9a68336453b6e97

SHA512
399b2910c6065953669268054f6d11ed73c0fa56908e20f2967a52e843cfc5dddf850eee7c63099ae7e9e7c23c03d7b8296ab39e6164420a1700cc755882be52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
df523243e085331c37563bcf88f0f2ee

SHA1
928ac22d4633d6422799d8a40f4dcd94d50dacb2

SHA256
425e8f4a3f45ac668a1725c78253705c3075b8327e2db113656b7209ce8bde98

SHA512
20b72a150f7f9827c092085fa37c6c34cae3bd887aca799b2c0c1e5d79e7818e448ddf55e8c585bd670e3a88dd8f4edae9639cb6ca3d32ec8306dd056cedcaf2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
eb0a2c86ecb57646b2ad6ed583ff2a89

SHA1
84bd97ed7386ab455a4b4f0b628a42e685d8ee3c

SHA256
a238d1323ec79f4970bf744b8d64b4dda2a60f32dd3771048c4a5a252373dc74

SHA512
428208f5124f3b5d7ee37174e774350591bd9c9afd0d3dc6d32d3a936483d7a289e5e040907c041685bfd883d990ab1675f2e3e51fbd60326f1632272f966a22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c6240227b31bb740bd28d52431009788

SHA1
ec5680bfb0bccde2b51dc024dd50ab5e5696f1ae

SHA256
d43f4ff7d845a581f5bab59720ba96f73eb79852cdcc6fb68f5b6e4b628db064

SHA512
67230cdb3baf2fa9a87e4f2295b03890fed556c43de93d89ca85d2bc8343fd01320196f8edd5ffb38cda350496380e1a9f86678146498bbce38e69dec85da6d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
b1b84fac71a194cc117a79435681c549

SHA1
23d9fc58690216fbf0a9027e9c311f265d0a584b

SHA256
d1b4184cee83410d15da085662c2ea9186dc9c22b938b74db262fb0b641832ae

SHA512
84cf10a22857a5699fe69855948bf98b6b22f7e3529bdaf199aea241c4af0454f0765b5f7caffd880a6c8cca1f11adcfb70f4279c9d8eb775f23eb04d9ea7494

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
1317619eeb1ee291432febfc41f7aba9

SHA1
6933392ca9042b29f9ada6032664729508f98e4b

SHA256
a0af55ab5dc34dea6a16deb0e357da38a1a44706771a30d9aa50e79512cc9876

SHA512
0b0ff66a8d9e12ab1a0a753f46bb934a32c7aebdbbeb0422a120bfb1825b39ac7108a652b3aa485df89576fab789ceea5cc87e69c50bd2ba393628425f769bf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
039ba73d10f8ada2931c35f698b95f4d

SHA1
3fc2309cc3846ef098c167cfa89aece307da16df

SHA256
78cd8a5aafd3ad7d02da746f023c3931ee60ad2166f194438676303c4624dd8c

SHA512
d222b244a9dfc6d1500173b9114173c951d1548b6eb5d4c1c5d21882e81bd7bb3dd345238b873e0078f964c525d71c3dffa22e37456067a3bbd3482aeb380a11

Download Submit