9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
128s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (2).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1268	triage - Copy (2).exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3308	firefox.exe
Token: SeDebugPrivilege	3308	firefox.exe
Token: SeDebugPrivilege	3308	firefox.exe
Token: SeDebugPrivilege	3308	firefox.exe
Token: SeDebugPrivilege	3308	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1268	triage - Copy (2).exe
3308	firefox.exe
3308	firefox.exe
3308	firefox.exe
3308	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
1268	triage - Copy (2).exe
3308	firefox.exe
3308	firefox.exe
3308	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3308	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 3308	852	firefox.exe	92
PID 852 wrote to memory of 3308	852	firefox.exe	92
PID 852 wrote to memory of 3308	852	firefox.exe	92
PID 852 wrote to memory of 3308	852	firefox.exe	92
PID 852 wrote to memory of 3308	852	firefox.exe	92
PID 852 wrote to memory of 3308	852	firefox.exe	92
PID 852 wrote to memory of 3308	852	firefox.exe	92
PID 852 wrote to memory of 3308	852	firefox.exe	92
PID 852 wrote to memory of 3308	852	firefox.exe	92
PID 852 wrote to memory of 3308	852	firefox.exe	92
PID 852 wrote to memory of 3308	852	firefox.exe	92
PID 3308 wrote to memory of 1592	3308	firefox.exe	94
PID 3308 wrote to memory of 1592	3308	firefox.exe	94
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 1448	3308	firefox.exe	96
PID 3308 wrote to memory of 5084	3308	firefox.exe	97
PID 3308 wrote to memory of 5084	3308	firefox.exe	97
PID 3308 wrote to memory of 5084	3308	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (2).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (2).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1268

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:852
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.0.311815319\11836011" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60871ace-2555-4349-9a8b-7c294733c2c5} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 1972 1c93aed9758 gpu
    3⤵
    PID:1592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.1.1320190085\837909669" -parentBuildID 20221007134813 -prefsHandle 2132 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {060b3cd3-68c4-4a80-8667-cc41b2219a67} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 2376 1c92706e858 socket
    3⤵
    PID:1448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.2.1199450697\1118597741" -childID 1 -isForBrowser -prefsHandle 3364 -prefMapHandle 3360 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e39b82d9-a757-4e11-ae8b-a7a88fbf7543} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 3016 1c93edaee58 tab
    3⤵
    PID:5084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.3.1042942261\2057615347" -childID 2 -isForBrowser -prefsHandle 3184 -prefMapHandle 3252 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cd0a1c1-a041-43c6-9850-749240e01f92} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 3064 1c927065658 tab
    3⤵
    PID:4092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.4.395113785\228556496" -childID 3 -isForBrowser -prefsHandle 4456 -prefMapHandle 4452 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9e3de8a-c9e6-441f-b0cf-495ebb097872} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 4464 1c940a2f558 tab
    3⤵
    PID:1284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.5.382653137\1010869236" -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 5100 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b1af349-05af-4d02-b27e-1628ba1c48af} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 5136 1c940a2d158 tab
    3⤵
    PID:2784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.6.1864453010\375517747" -childID 5 -isForBrowser -prefsHandle 5276 -prefMapHandle 5280 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdde677e-8180-4b9c-8bc1-b5ba815b9c62} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 5268 1c940f0bb58 tab
    3⤵
    PID:4424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.7.659258137\292830974" -childID 6 -isForBrowser -prefsHandle 5468 -prefMapHandle 5472 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {106f96b5-31e5-426f-8003-d039388b6c2e} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 5460 1c940f0e558 tab
    3⤵
    PID:4416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.8.1104770579\2008657206" -childID 7 -isForBrowser -prefsHandle 3212 -prefMapHandle 4736 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e018d5b-1ed1-4cb1-8add-3a23da8dcb03} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 2976 1c9407d6058 tab
    3⤵
    PID:5384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.9.1536582983\433810061" -childID 8 -isForBrowser -prefsHandle 5812 -prefMapHandle 2972 -prefsLen 26550 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43ac46a3-83c0-4ca8-a9dd-f062842e0b06} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 5796 1c93d64e158 tab
    3⤵
    PID:5988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.10.135329560\879411131" -childID 9 -isForBrowser -prefsHandle 3876 -prefMapHandle 6120 -prefsLen 26659 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7a2201d-f93d-4ba6-815b-aa5aed7d867c} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 4712 1c942948158 tab
    3⤵
    PID:5324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.11.83218112\1054380696" -parentBuildID 20221007134813 -prefsHandle 6476 -prefMapHandle 6460 -prefsLen 26764 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d644903d-ec72-431d-a907-5e2c1a3a86f8} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 6484 1c9429d1d58 rdd
    3⤵
    PID:3260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.12.1043703515\218850910" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6452 -prefMapHandle 6628 -prefsLen 27029 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93284f27-145c-4b1f-af38-91e5156bf5a7} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 6380 1c942397158 utility
    3⤵
    PID:1976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.13.868442405\230806283" -childID 10 -isForBrowser -prefsHandle 5400 -prefMapHandle 5408 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bcca8e0-b567-4811-acb9-bf67cd0a6c95} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 5372 1c9429d1a58 tab
    3⤵
    PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\17281

Filesize
8KB

MD5
9e187a08e1bf92862d9fcade2f6a0ebb

SHA1
d0db3b61a8616a95c44f1320235b1bef1ffc4d6c

SHA256
c913c43ec39e9075f5d6b37d5a333821cef407b360b5e808fa7fd561d890d7c6

SHA512
4e77cde30d7e0be21811b208e6faaa217c801953fd6c800c7aeddcc0d244bc56d8d3d4a9226e0d293b7f631995f16f14a6b7007cebfa3d4d934a297090a48339

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\25317

Filesize
8KB

MD5
b46eeab4766fff32b53171b0aa43849c

SHA1
68da8d72fdbdb65936054ce48d6afccdd759caaf

SHA256
175599342863b5e4ae5f957ff2b1fdb9b5c7e48f1523f834e6dccc9fbdbc3ead

SHA512
a11a881b776dadce26ed16b7809881e13bad7f5d25d8e2986af77621b10fa4d8d9da6e5c1323e475ca6b62288ae2791207a38d45d3fe4abbfd10348cb4a8bc36

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\26596

Filesize
10KB

MD5
874216912c34d9277b34817b942f0fa7

SHA1
2107b8ffcacc019e5a2c2b9b7b181517e4b719bb

SHA256
bdead809de35530c87bcf055dfcd82ddfee1dfa38af8932384d0ce3b4b7e83b5

SHA512
de69f83783e6cf570f289e80861741f67f760331a74cfc282cf3608319c5d3cc39cb687a40c434dcf4f4be2bf11423daa547c87f24d21dbf9cff6312645b96af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\30881

Filesize
8KB

MD5
6b5b06ace9f203546a4048d2788720ac

SHA1
6386276525f747e8a64a1cf7478fb0eea53ac9fa

SHA256
5d53f92a7c3e3ad63708fa91127af7d10bca43b707f68175f4278c2377f622d0

SHA512
4f09b8981301204334d543c03d8b58d48c2db9eb7ed3bf7929d56d8ed9673314bd72527e5c4bd371587462e77430235ab3f3f0af5eb9cc17e7a70a2ee5bad6fa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\9562

Filesize
8KB

MD5
ef92cddbde9661a8185a605d40f48278

SHA1
e138cd53e1d0353e0ef675a20279b3ba21bbacf1

SHA256
23b1fc4a3c3e178888b953bedde3b7ed8b3030847a674b262d4bbe1e4db1a4db

SHA512
82951994ff9ef1f1bc766ae03bbf3101e7360646c72e3e85f55c9d85c2556a6f348733ef7a836423bbe90522df2bba6b8e85b74a7a6611ebb78df9694539988b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\21A5B190A6BCEFAAFED2956D8D8E8E495F07C71B

Filesize
8KB

MD5
53231d1f8338f6e3c729984fb03cff04

SHA1
a48213e6a209ccec2d1d02399a3ca235df098449

SHA256
5282d6cbdbd1c5e825bdb07399665497ec5175ec676bfed4c2475de6d8e8267d

SHA512
9d7935ce4054014475572a9599c01d7dc3435131aa8114232e8d5567e6f078229de73c28a7b848a2ecbf8d9193bcd02f7bcffa8837963389614fd144b3fcc8d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\21A5B190A6BCEFAAFED2956D8D8E8E495F07C71B

Filesize
8KB

MD5
524fa3b891f8d5585899d5b1c74bbdc3

SHA1
2761dee3add46950d7ff42eb6f080f26ce3f8410

SHA256
21bef6cf14022753ebeec1e571662d07d83dfd7d1dfb89736ea4a9ecdb86db1c

SHA512
cef8e9c2a04d65229c7eb23ee522abeb7febb2d8c4425c1d0052215280d512c0765d409a68c9036ee05f05a6f6e21a30a8114b885a9104b5d8313f4c8c8153e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\D82ED10047F78B4F750CAA390C240BAAC50F3BAE

Filesize
10KB

MD5
5c62e155da9fc8881896a5c6d6b5e960

SHA1
e48d3145d5b7b98823443b694e5ef029a65471a5

SHA256
1099fab03167c3f90ba09f1f1308b0b12b357f2a1f9187f4e3818bf0037dd4cc

SHA512
a69a3eaf3b5f34de1ef16f62d813a4fabf71d5b39740d1f219da36d85205e530a6cdc601d9edc2ad628baecb2d2f4cc63ba7edc5440656754c3b268eb5f7b580

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
d46d555083e0de1788b68b92e2e95d34

SHA1
3b7370c110aecad5fecc3501f00665b11d3dba97

SHA256
c2798b730d24b81151e417492c272f0af72daf7488dbe69c523814312e71c511

SHA512
7dbedff594ca7daee5c2021c1c68d1960a34b3be9a660d72f0f7314df99700ddfcdfddc90f7c28a628d22bbcffff475121f6c590404fe38632b51409ce132a93

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
8ce6f10fe7e5fe905a67510c5a0291a8

SHA1
23226885046bf9949fe06d2493623dbfe5b4aac7

SHA256
3a57376bf5c5a62f3b32fd46fdddb9344195d8a60c927511914bbeacc66f8cea

SHA512
b504374e1144ccfb803c6dc14eb477b2d79bc09c99cbcde814c8f7dde93539fde61f191a03f93d53ad12acdc9b112035b0b008409c2a512136f6b349e73c5cca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\pending_pings\0a7d96bf-d07e-486a-9575-42c0734461d2

Filesize
734B

MD5
9a22081ebe872c08ca2f4bc9be0edeb8

SHA1
e3ac2a7316308e2d0cdd45890d90073160709e68

SHA256
4fa7825929c0aa8a1870ee23ac138b20c109037ebee15135aaaa4626ca371cbf

SHA512
b2dff4f908876da5ee206bf727f6cd67133f90c9a0afbc6de273697d9f5fb6e8447569e13bb64680df5fa7745ae89e7cfcda47ff229eae4bd95e58dbb40bc98f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js

Filesize
7KB

MD5
d33ad95f91c26ce5d58bbeb5b246c4a0

SHA1
846d85806e2e72bcba23eb610a45b628014c67e9

SHA256
bfd4f298724e12072607efb80b4a2f04e569c4b63307b3dc008b048302b0988d

SHA512
8d0f098c43499f25bc00bb65f522009b9941a6aaf091aeefe1184548cb61ed2f56915ccadc577460126f3828fb3c513ca8dff4bc640f104d771bed0b5996d55b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js

Filesize
6KB

MD5
ae8b1962f408810113287f447c88a533

SHA1
a166558cacb7e72af6aad42c64dbc0328ed49823

SHA256
9947b9b1ddd3fbc8b13905d01f2772e9f516a6a52675397d60e3c6799437f406

SHA512
7599168616b522111ff8f12f16a4607a30a2c9d91ef1af7d27f2d76caf2cb93b035e39e318d65ee0f5475ef8225286d2ccc263e069ea47376aa2e14f86bcb19d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js

Filesize
6KB

MD5
8756059baf10bd58189e6a398a40dd31

SHA1
bb5b2173d8f5a5e3e4bba3eda0225b6e8238a9d7

SHA256
fd79f32a280da45b0ccdb60a2e33fd21416e24e9dcba2bc87efc8eef292c5536

SHA512
9316581e63684eab92673282d9a6348ea70634790df252ce4e47fb38ca9141f158802100f41ecc1142a25755a887ae49f9f976ceeddc3071f10824a5df6c7c34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
2a99dd9da6dcf5c82e31643b2bdeb7e9

SHA1
047a1a53f26dfbcfefddcee25b8a24b2f00b11cb

SHA256
84a62b52a8d8677edf19bc69949de567e5542de3bbefbedd107dccf2bf433720

SHA512
ec72d6c4df1c29f5de637b56fb7ae35b65852ae8ddd001e7a50ec1c2583733124bc1ee6949b98b2317aff64525a79a1f50d8558bdb6413cfcf2699865385cb0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
f51301975944abb0da3d8d58a241cfad

SHA1
2c413dbaf34d182adfa9c3e1ee9cf6f8cc6b6824

SHA256
a1d1d0dd351817546c76a406d802f563b7b842828e3fc9b3ff62f9c8cb827361

SHA512
ffd6a741ddd4bac20d2502bedd7b462f2986d3ae0e04a532f1e33a74871fd78e8f5cab1e54560e0a9ae6a1a905156deef581abd0ee57ab3d3507f82ec841b2ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9b768f80b531eec781175ae3d77c638a

SHA1
c2c64ae916af49870f27a9c89371b5e0af02a9d9

SHA256
2551ba2863534e2e34e1e48727d3c10d290f3774ef6de4981cf0424576c93ad2

SHA512
4de9464a60c43a1fc7940fba63c9f328ebf120bf7d2585a292c7096b82104a1d7d667ce8dea8cd71ac96014672de6789c0f7f10d3934fd93e8c38dc04571fdf7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d83a8a568b5c1ed2f7ab7c409e3ff12d

SHA1
04cffe5b386b98357c44621e05f34bc29cf043bb

SHA256
5fda979b78bc02cf42898fbe14e55bb2e3b5a95331ef628ff44c1d410159c23a

SHA512
1bedf758a961e2e1ed4393dd85a51cc7aa596aa53464ac02ec5f668052bccbe15cd4a0bff51e3e470ed90ad4296dc890e43d999a0363bbf858c637b20c6ccf89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
d50002e20ea40913571ee0ffc4ecd09b

SHA1
1c0e0477ac7b8173e7ae28166ee528456ebebf8b

SHA256
aaaf9b26bb9bbb870b9a173fb14f7b39704b26db7a42bbc7ebb1744132ac8f05

SHA512
88602508d664cceda5d8d75e7af45838781e6e3a37de67dec4b1c6995780425cbd7eaf273952a6c22321039bc5d3101068040f35f76529345f2291986959af74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
36c3ce2cc3ae55a09c0a1dc1505e4e09

SHA1
f89aec84e8dc88ee8a4c9e67e106b450957bbf57

SHA256
a303098cc9fcce3c7f1373d988ba91bc18b834cf64854e7e1d88b8c97a1361df

SHA512
2ddd18583ca318f6f7cefd442180538f9f0371e1970af328c5428a0e11c5ed017c20564a8955e3f150a769c910ac2824569bda964aa093b1719677c6f4b17623

Download Submit