9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
114s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (20).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2556	triage - Copy (20).exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3984	firefox.exe
Token: SeDebugPrivilege	3984	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2556	triage - Copy (20).exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2556	triage - Copy (20).exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 3984	3576	firefox.exe	92
PID 3576 wrote to memory of 3984	3576	firefox.exe	92
PID 3576 wrote to memory of 3984	3576	firefox.exe	92
PID 3576 wrote to memory of 3984	3576	firefox.exe	92
PID 3576 wrote to memory of 3984	3576	firefox.exe	92
PID 3576 wrote to memory of 3984	3576	firefox.exe	92
PID 3576 wrote to memory of 3984	3576	firefox.exe	92
PID 3576 wrote to memory of 3984	3576	firefox.exe	92
PID 3576 wrote to memory of 3984	3576	firefox.exe	92
PID 3576 wrote to memory of 3984	3576	firefox.exe	92
PID 3576 wrote to memory of 3984	3576	firefox.exe	92
PID 3984 wrote to memory of 2640	3984	firefox.exe	93
PID 3984 wrote to memory of 2640	3984	firefox.exe	93
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 5012	3984	firefox.exe	94
PID 3984 wrote to memory of 4232	3984	firefox.exe	96
PID 3984 wrote to memory of 4232	3984	firefox.exe	96
PID 3984 wrote to memory of 4232	3984	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (20).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (20).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2556

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.0.1965472332\678987310" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4528f1f5-36f1-4fa3-a0a4-a36105c6bd06} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 1988 200b3404758 gpu
    3⤵
    PID:2640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.1.1088906457\139361165" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b12ad9c-b39b-4e71-9ff5-be6fc07e724a} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 2388 200b2203258 socket
    3⤵
    PID:5012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.2.1486956372\1226599351" -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 2908 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f25dac48-694a-4099-806c-1a32bc2a717f} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 3120 200b5e99958 tab
    3⤵
    PID:4232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.3.163410897\911601249" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3480 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a25a622b-5937-4ad1-876a-b6389001351f} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 3568 200a5b62e58 tab
    3⤵
    PID:2932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.4.275429591\1099760075" -childID 3 -isForBrowser -prefsHandle 4488 -prefMapHandle 4400 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e9b248e-0ece-4051-82ac-2b45c4d0dcd7} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 4464 200b76db258 tab
    3⤵
    PID:1080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.5.978038255\1506640689" -childID 4 -isForBrowser -prefsHandle 5084 -prefMapHandle 5092 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee49ed96-efcc-4c3c-bfaa-8c197ecc01d9} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 5096 200b7eb3258 tab
    3⤵
    PID:3356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.6.190838927\179225876" -childID 5 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e79c68a-780c-4fe2-8d8b-2b617a121116} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 5204 200b8584958 tab
    3⤵
    PID:1176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.7.1421528158\217601206" -childID 6 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ed17a66-b063-46c5-8cdd-9e799d0c695b} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 5392 200b8585b58 tab
    3⤵
    PID:1252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.8.458516507\1779631852" -childID 7 -isForBrowser -prefsHandle 2848 -prefMapHandle 2844 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33e9183b-0fb3-41da-8794-01fe9d90515f} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 3192 200b9597658 tab
    3⤵
    PID:5376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.9.112480870\450535084" -childID 8 -isForBrowser -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 26550 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd3fe175-ad5f-47bf-b862-9e3d1123afdd} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 4816 200b99bbe58 tab
    3⤵
    PID:5956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.10.1442011165\206719514" -childID 9 -isForBrowser -prefsHandle 6052 -prefMapHandle 3528 -prefsLen 26834 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f724e22d-8fd5-4165-ac79-dd027ebf5e93} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 6072 200b9ff9b58 tab
    3⤵
    PID:2108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.11.509968388\1158101529" -parentBuildID 20221007134813 -prefsHandle 6284 -prefMapHandle 6280 -prefsLen 26834 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c35ef207-e09a-4eb3-b95c-be41f34bd7e2} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 6268 200b9e13e58 rdd
    3⤵
    PID:2728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.12.1768770845\1969517850" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6404 -prefMapHandle 6400 -prefsLen 26834 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34c72ebf-ca44-4924-84da-a793cabe1304} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 6408 200b9e13b58 utility
    3⤵
    PID:5616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.13.1115414842\2040631986" -childID 10 -isForBrowser -prefsHandle 5632 -prefMapHandle 5504 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5bf34c8-6c2a-487d-8167-29497c65a621} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 5492 200b948ac58 tab
    3⤵
    PID:1084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\12283

Filesize
8KB

MD5
b92e5095c0229cffe88cc6bf867bc386

SHA1
7fe2baa9f14c3355689a8bdb5a70069baafdacd6

SHA256
324f98092ad37785673f2d43655ea1a708d79465966ce079c696bdb0f7250983

SHA512
c0fa58ef012c279e2240f4df16884a7fca8cc316c8c6abafbb1864fcfa17e2c502ac9c6870088e68e4fb18dd8cb1220bb1a8291bedfdf1045b5af6ee308d8e27

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\15301

Filesize
9KB

MD5
7b816ab74b243e0f5153cc1e53846e68

SHA1
125ffe055620a051884eac085cf116be61ab9ac8

SHA256
d2c36225737b9ec8be4db381aef49320f0cc0305b8a00a3949afe254d2908503

SHA512
5a065a63b2ab51cd44a77f2bbef29906f8cc06c138f5e867c54aa017cf5ec874fd3461a18a20c12b588190c222a2e085f6f25f98b862a7926513a7edc03b9feb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\15703

Filesize
8KB

MD5
d250899efa8867025313a7955461a1f3

SHA1
ff0f90924e0c03f8a0eab7e422635e34e73cfec8

SHA256
b134e021c401d83f9e8abcd91feb9a24d35576cc551fe623873ce05066810a40

SHA512
9a8deed4614c3d2c0b6d96e6c788d8f23721eb9db0f8fd324c6cbe9f3cc1034c0dc205cbbe97991bce24ca0a5fadd7cdcb32ad161ed21681bde7867bf18be94d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\25264

Filesize
8KB

MD5
f3db3754782b57912b68f6880738c589

SHA1
927e53592be79fba97d1012e4bf09d2b37dceeaf

SHA256
c6cdc3ddbc6e3a3bbbc6c2e52b381340b8e12984b667bbab4a02217ce85a7045

SHA512
c0538aa3249cb941b7b27d4e1fbbb0c1363a15f9b7ad711dfc35692a22410e6f83466090c5de78318f6c4c3d51e9f1485c7882c8ff75da7db39351d046e837d8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\26689

Filesize
10KB

MD5
225d78411f343877b9664992c8fa67ed

SHA1
ff77b03916b96ffebdd2da3890126a027f4daaaf

SHA256
44e2a94097663ae6306c4878f96e91a60b43d877c477aad3285a9e92258fcd6a

SHA512
13fa0ec3c36274b52ad95d02309983c6da57376603fe80191b0c26aa0ddc158d890b0b10ee1a4c4fbb9a8d9fc6097398cc2992b5a3c8a4eb2390b6587dc28aa8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\30670

Filesize
9KB

MD5
5a601e0ced2308dc8cd2fd9e7acd8eec

SHA1
245e74aaeba812bf6dc393227b5b4a2c566904a0

SHA256
e98fc916ee138107a1acc8f778128a8d42df091f3867944d4e0fec49bdf4f58c

SHA512
340b62efecea0e7912fbe486c0aeeab85584c34ffa521f69e3f04bd1a266728a7cec94216987dd9b3095bc54a070d6fe4ab3eeb2c5705a9bf3d23fc0a1fcf264

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\32089

Filesize
9KB

MD5
3ea1d61c77b2bb09c53c9285951f5725

SHA1
0793fd2ef34d9ba524902b71956ad2ccc7f29c0a

SHA256
262742003bd03d35a0e5829f6eb7c4908801e338ba5b4842eb176f8c68e1a344

SHA512
bf6fc8f9b84572545c1de6a920aafbef8d2428cffeab0bef783db5794f2c5b0c74137fb2753671597cec7eb546b8fe5b97a9b69264818b480d75d9a7bd34b576

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\8827

Filesize
9KB

MD5
afee12da29ffb24636c72449ea1a9d7e

SHA1
0103e2f3b10de9be225c0d70d5d6f857891ebe71

SHA256
b67e65be9537b57f77cef7062a63c4723ba9a6e22f03ffa23892edfe2e6e5c45

SHA512
b27370fda21348ffabfeeec1c12aff2fe148193c02b8e64092c68cfa79a0e709fa4146c46ae116c5d862f99d8fa3a7635bff7c699029ce8b5a1b80989d621dc5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\9949

Filesize
9KB

MD5
3e469954615f8b08b9bdbbfa71f5d66f

SHA1
61f437e91177bab0bbbeffc9b62436cf9d3faadb

SHA256
f2e3039c1f6cc7fb948972a42564555c08bbaf2034336fd9a0837c890873c108

SHA512
8dd7828a2ed728ebe5a7e9d6104860591541cbf300abcd6d1cb86b606d84d6f9a58fc66de4ee07b8ff3962170d735b25dc7022827125925eb296b8ffc71b2320

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\0F9547914B10CFF8D1C17BEA4ED9CA63F10AF127

Filesize
8.1MB

MD5
abfebd44e9ebd2ac8cccd8542181d7dc

SHA1
a9a84ad51a6a19bf4063d9de8454cdafa6814546

SHA256
e6123ec6e53754a2dd33281a1b074869addd6211e56630c91bfaa9a99979cf77

SHA512
51bdd58e425fcd0fe333fc619937c0b5b6f6ab4fb852b2c7b75bb879421f2294f658bbb4e1a2483c96ac359a2d8aab57b6fd6dac38f46f23bb4d8107861344a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\D82ED10047F78B4F750CAA390C240BAAC50F3BAE

Filesize
10KB

MD5
327ae02ab0e820461f5b5050d8f6d83e

SHA1
11a7c0d9d233ee0d5b1c8d7bf7a38f6857f86081

SHA256
1db92e563b7842e2f53d902b54bc54d413e88faa03ba14204ce22a94228fc3fd

SHA512
5d67e2c47c7d4ee83b2e0b9979ddd842b4f57fcb314aa3c08b59d5a0dce820aeef3fd2b99458569c7cc3953abcba60cd2e20a240c232ec43916d7a5a6a5c2d07

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
eaf508f1526ac8e116a9932af9cf50c5

SHA1
d0e0beca849cc8b5351fa3d8f9ca026d439c2d07

SHA256
083c68f31134430614f813d10e34ab4d1aa8d10b0acc8f4cf4de6ea957fd900d

SHA512
3a719f4f37c9771df3b876ea6c8c4aa40aa08e34ff68c1563a714e96ffbcf2039af7ac03e293dab8cda4ba0446fd6448dd386cc15de7eafadb6cc138eb30d609

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
afd513aa9d71b8526a4da52647cc4249

SHA1
8ad82cf378e4873a86bc0e2e07b019de3b80574a

SHA256
f8fba7568b161cf3c3e3caeaac78373499151a0b7b9812285ae4eb5ae93e377d

SHA512
85ec90a302744890b4be48099d0641ac2c62592dd381d7e3a211829eb9fc77ea2ea2b793e1beab5417e2138dac91c5b4aa0ed4c989925d001c6f11037e323888

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\pending_pings\a950c7c9-54c4-4245-ad51-8c88c5ad5885

Filesize
734B

MD5
963d8d75b71b4c36ddb8b8a13fc0fafb

SHA1
820c1436a34dd89ee2230f11bb6f5da6fd1e0c9b

SHA256
d02f3b6fd3adcc87524f55d0833d5c459e725f23f0b113d665642a7b886cf86b

SHA512
ea71dec4a5bafce25e45ba34f55894c44d71bf03a1fcf9adb1081556b5b4b6279ee90e27cb376c5a507a6f09ed4d01391b67dfee680b4287e3e9969ac8ab38d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js

Filesize
7KB

MD5
62b121df5f83bda3cf62865b0bd4500c

SHA1
446cf479267700c57a8063f12c8e3500a36a170d

SHA256
e4aef852f55ee35f5e3268cf77af9c3d8c601db7c33de517092386095fd3781c

SHA512
907147c1d1fa2cec64bde1e099b683120f3d25fcc7816ef567dba6f3eaa5040dc55fbaee44741e736f4a20011adafb0a1344d79d8630f6b17ac03d0096bbba92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js

Filesize
6KB

MD5
a85b5c687abb5017f16783ba86e8ecad

SHA1
d561c3aab84d7220c9ee29c7f69c4e4ea5327079

SHA256
e3fdfa7b5f7dac96941d81fa80972c5d1e4d9cdda29c7e381087de6b1534e1d6

SHA512
cb4599c84730460348e4d0903c8d51e2ee6b4699a3fcc31ecb93d77c8867f166332b44b1e0975669ca337b7cc085cb39a7a7ffa7e9a3cc4776aed738c7fb5370

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js

Filesize
6KB

MD5
2ad78183d4060b6504ea80b9478b6144

SHA1
02a0602d0440cd68abad75ed292fff3740dcd873

SHA256
970a2d0f9e2d1ee8f67506f8b7d9d8cab769455c320b5fcf846f84ec9eeb501b

SHA512
f7079928ed10167cab609b8b5e5f97ed62d68ddb220b51d05cce3d63d0c08aa03fc93cf1adfe84eb32e54e31e1ff2944685b94c3a16aae93efe9e0a24e203860

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs.js

Filesize
6KB

MD5
b01edfe77c25191b624b2e9f0d2ad93e

SHA1
2b608705fc7a7f2a75862f6e69d06ed6f0a59c1d

SHA256
1de6d49bfa1e220f4aa3892acad16644e9f5c75e4ff85da884943b2650007b9b

SHA512
7793b9e985a47cb37f7af701f3d22496322ab6c902bb81f7e1d3db7e8a79b851caf030fa3304d60b68ce467dddaf0d1be1d433a0a861cd5df5b15a1978aeb639

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs.js

Filesize
6KB

MD5
c4ffb931e0d9ccf484d3acd502823088

SHA1
04d5abd42b1614aace4ebb2148f999471f991336

SHA256
b93d2353149233d11601dd3b641f0184b5c9661f78fa97fb2b475c9058cea7cb

SHA512
1d3ea2e2dbe7603b571e79851390d605567c0b6873757a6e351862f2bfb142fc5c2275ff5b7057dbedb524881063c1cd50fa71bf80875ab9bd12941e4123242a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d82af544e97bf886ed572a0efd27e046

SHA1
8aaea2eddbfdc512a2161ae32b6d9b826ff34bfe

SHA256
1d8622752c711ce2a2caee62a98287579485c5b3564a6d370a06e75e8378d07f

SHA512
bdf706d98f4a84eb454b9e7db6becc3fb3932398e136b57d6bf3dd6bf4a6bc4da227320a257bef57c888356d1d2e9428fbf2cc18b9a5822b915441f9e3d02472

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
c7800cc4f639d8d140dd55765986511e

SHA1
e22ad5eca351dcbf6483283eb4d943982923b6dd

SHA256
9f5a9b4e4310b4f3fc59d7decb5aa83de3b1a6aa3399456e029af4384f8b7841

SHA512
911e36e9b4c54f872358686dc5c7e1161e60d1f7d5a52ab10f3b57b363ba863ca8f4059e91e064d9c57882c5c823a9095a7009fbc0ebb8e92481ae019bd15d0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
085dc96c3fa6d270714742be23c1a3f5

SHA1
de7f49e2ac2755b1872b820b35a9be3a5ddba034

SHA256
77c79a4a5903ad5a0b4cef382c6dd6ddfe7c473fa44096c29711acd4c4061f18

SHA512
4578ebf1aeab02e60559ea78b64381c2cc4e97c62cebf41aa695cb6bc2bbef0ae0e7c4660166eb7a2d25575faab007a3b964b4ca35bacacc6fded70676f95844

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
19e67be033c3a861642e0682c08e78b3

SHA1
fc594bf24f8cad5012f9f5d3b30c3b7341297543

SHA256
424bec7adf24da7ff21c4f53790c24e7b01c249dff545ce39a1525be7de13aaf

SHA512
deef89513512b8c5be71d5af29c97190fa8dc8d6448b01a2f20b941a1b82297f9ca327797409a0b128f253f4051ffa60c30152b2103c4464df27d649e707a3db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
446a385064c8f288ea91e51a8ea791c9

SHA1
d8e89e434c1544a623ef6182b226656e6faaef6f

SHA256
8a40b9e60ab26dfb9bf85f7b1d1ea8e1fe0c2786c393e0818aa83c271fb4f787

SHA512
8348f1de3dd3b7bd2607c3a1f23371e8cc2d42a0e0f49579cfbb422f6c665abbb599942b7d240433c66b8f4102d16a051aee8729a942a8b7eced527a1f99f20e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
64a5569d75ade6fc2e358a8d880617fb

SHA1
2ea1d90b6b29dbdbf65d97a24ee65071e4bc1fac

SHA256
7d534025c1b9c4c2197b44081ad490847775063b74453fdab9e17fcf30416ec5

SHA512
914b4cff616d327c3a98d756eeecdf938796f8dabcb5abee1bb8ecc999c01e73c5c115c78434f0bb061acba225c06e01c495b6e47f8e0843089e6322502bba57

Download Submit