9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
166s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (24).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5088	triage - Copy (24).exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4052	firefox.exe
Token: SeDebugPrivilege	4052	firefox.exe
Token: SeDebugPrivilege	4052	firefox.exe
Token: SeDebugPrivilege	4052	firefox.exe
Token: SeDebugPrivilege	4052	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
5088	triage - Copy (24).exe
4052	firefox.exe
4052	firefox.exe
4052	firefox.exe
4052	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
5088	triage - Copy (24).exe
4052	firefox.exe
4052	firefox.exe
4052	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4052	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 4052	4816	firefox.exe	98
PID 4816 wrote to memory of 4052	4816	firefox.exe	98
PID 4816 wrote to memory of 4052	4816	firefox.exe	98
PID 4816 wrote to memory of 4052	4816	firefox.exe	98
PID 4816 wrote to memory of 4052	4816	firefox.exe	98
PID 4816 wrote to memory of 4052	4816	firefox.exe	98
PID 4816 wrote to memory of 4052	4816	firefox.exe	98
PID 4816 wrote to memory of 4052	4816	firefox.exe	98
PID 4816 wrote to memory of 4052	4816	firefox.exe	98
PID 4816 wrote to memory of 4052	4816	firefox.exe	98
PID 4816 wrote to memory of 4052	4816	firefox.exe	98
PID 4052 wrote to memory of 1684	4052	firefox.exe	99
PID 4052 wrote to memory of 1684	4052	firefox.exe	99
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4352	4052	firefox.exe	100
PID 4052 wrote to memory of 4760	4052	firefox.exe	101
PID 4052 wrote to memory of 4760	4052	firefox.exe	101
PID 4052 wrote to memory of 4760	4052	firefox.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (24).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (24).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5088

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.0.1732740865\482679194" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fca4dd97-6ab5-4488-b330-5178c194fed0} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 1964 2b5a7a05158 gpu
    3⤵
    PID:1684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.1.805900915\420627035" -parentBuildID 20221007134813 -prefsHandle 2340 -prefMapHandle 2332 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdab203e-0347-4470-9cc6-04568cd70af7} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 2368 2b5a6704d58 socket
    3⤵
    PID:4352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.2.2089418264\1734604572" -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3220 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce2617d4-54a5-4c32-8e99-616e6a888e93} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 3232 2b5a675fa58 tab
    3⤵
    PID:4760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.3.368232617\723458241" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3460 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {873fd05f-e1a6-4df9-80d9-59e8a3f636ac} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 3636 2b5a90fe558 tab
    3⤵
    PID:3504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.4.1294083260\1406420380" -childID 3 -isForBrowser -prefsHandle 4144 -prefMapHandle 4140 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a0c446d-95b3-4726-87b1-f359f1e94742} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 4156 2b5aaccb158 tab
    3⤵
    PID:3368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.5.475472595\1074170801" -childID 4 -isForBrowser -prefsHandle 4924 -prefMapHandle 4920 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5dcca0e-7b58-451f-b64c-71f2e5a58357} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 4948 2b5ac953a58 tab
    3⤵
    PID:2480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.6.387458172\442156785" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5088 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c5dd56a-8cd1-43fd-aab5-006b710d6a1f} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 4968 2b5ac9aea58 tab
    3⤵
    PID:3940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.7.1357034642\1007990885" -childID 6 -isForBrowser -prefsHandle 5280 -prefMapHandle 5284 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ba9ee95-ac1a-43ab-af8e-40c75d2a0b37} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5364 2b5ac9af658 tab
    3⤵
    PID:368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.8.1394522473\873104103" -childID 7 -isForBrowser -prefsHandle 2868 -prefMapHandle 2872 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23d592fb-22d7-41e7-b7e8-ac6dfa606ce4} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 2972 2b5aa93da58 tab
    3⤵
    PID:5664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.9.1503385182\390469541" -parentBuildID 20221007134813 -prefsHandle 5700 -prefMapHandle 4272 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ed0a1ab-5c19-401d-8e5b-c640e03af56f} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 3008 2b5aaccb158 rdd
    3⤵
    PID:6076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.10.768674839\382392013" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4376 -prefMapHandle 4388 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {faff5894-cf3c-4e54-8e05-6973711913f2} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 4340 2b5aaccd558 utility
    3⤵
    PID:6116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.11.619204911\1341106166" -childID 8 -isForBrowser -prefsHandle 6084 -prefMapHandle 6080 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65235876-39c2-4ed0-bc66-ad99b51b6c40} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 6096 2b5ae026458 tab
    3⤵
    PID:5684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.12.584465673\1639862991" -childID 9 -isForBrowser -prefsHandle 6292 -prefMapHandle 5672 -prefsLen 26550 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {292cf3aa-f5c2-433c-b2db-20620240c2e9} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 6280 2b5ae5ce258 tab
    3⤵
    PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.13.148330365\861116042" -childID 10 -isForBrowser -prefsHandle 5452 -prefMapHandle 5480 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3abfa72-4873-40bc-8989-1ae19222d196} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5388 2b5ac426658 tab
    3⤵
    PID:6092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\17094

Filesize
9KB

MD5
83a119e784b4bd6dfc5b73f6b99d74cb

SHA1
c6435eb895d1f38a7a6d28bb539761aa5817c1f1

SHA256
eba0dcf206d92466c4039353717da66d9a860024330298778d426477185058d5

SHA512
55c3e3fd8da6dcd1194d199321d608cae16c2083eb9ce3766b137ebca114acec5e4f0a5110f08ddb88273d069724e05e9d97926d07e01ebad659ee33a1f7afe2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\19772

Filesize
60KB

MD5
eb1a986083db47466d1fb9083bb57210

SHA1
919929d30f7ca921b86f061355adf2f89870d550

SHA256
f41d6c3751b6e71aba335afefcf36a5d58501e8750e88470715b3bfabff4da3f

SHA512
a770963fdf27d3c6621e1ec9f91a9925733d31c7ee3765ff1397ffaceeaa83c63d55652831034f67e8e6ffa2455c1d9c83db34060efd51b7c5dcd8c1ae02942a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\2199

Filesize
10KB

MD5
bffa029f3e8b10b948591d8636becddc

SHA1
820a72d610161f811ef0ffe851ee2926fec3811b

SHA256
5e3c6b077b2a09ec1b0534036c42d119c9cc9e09899a4d53816c2827d2ca8c3f

SHA512
8d57559baa8c09f8ec7457f10bc757290a2dc2e9b0438ff2bced39a63feb1645fac8b59b8517dd4db13a4970f288d50b07906c379dfe3d136c12ec6de66716c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\26031

Filesize
9KB

MD5
ff9f31511a42e6d42bb9c06bad0c5f1e

SHA1
109e31809f1156316445677e0181340bf0c790ac

SHA256
6a384fe50c322fd3369e18bae873d271c17c5e1e0fb8b59b657a75606339d5dc

SHA512
badc44cf667293d1d904c3928f7a560bd72cbf25cbc70505a9ec7da8879b76ba2d69462419f2de534a6742990ae946da4236262c3e760f2d06804e339e87dbb8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\29217

Filesize
9KB

MD5
099403299fbdbcb3a56f0c27aad18e96

SHA1
f285b97fe28bf78b491164a2392a4acca065f348

SHA256
49a9dccc3718ed4bf0095c53382c7de010c6b185ac841aff71298e1abb206568

SHA512
04cce4c6c63cc64a4a56c469412aa7d317419de69f2353c39e5fcbc66de5de735640cb9e3c09adef5b32515d90477d2edd6f5b05ce39f2802c616e31cc53ee5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\30430

Filesize
9KB

MD5
6839e27afbf48c1b885abf8faf176c65

SHA1
b91ac856b46f95dba8c8d0911e3dfea3b89456cf

SHA256
aa882b16db5671dc046386ec2c593f5ebc88e2e1934bc6e7069fee729abe202a

SHA512
a531f53b93b59dbb596bac76891ad4a41c227f01be069c7e92685e5fcc52a0d5d441cd62c78bb4d3b80041b2baaad5bea330cc7f41b9ba50e8b0d68820c1c44d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\5942

Filesize
9KB

MD5
663cf313bfe3d8448be83fb45ee4d9c1

SHA1
40be0a26980350973eca42f4fa37cdd8ddaee7fc

SHA256
5741f13a1a4fcbd64f46017e83431558792b338e7750d93d9a3c7b2d451b8c71

SHA512
272620074c27a7ff5074fa79bb5c6b2e324899c0dd5c9fe99f79d0a24499fd0fdafdcd03a50ad38a4fd3b43923ef34c02eaa575e66fa56a17d9155e58796c7e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\D82ED10047F78B4F750CAA390C240BAAC50F3BAE

Filesize
10KB

MD5
51c75ee9d042be84d7178aefec9e3250

SHA1
00d151b5e82c2ee809ab182f447ded4ea8f2238b

SHA256
a9ca9db6a320a5f05d0f9b8d2ddea4facb2e74c12e50979fd600e64d8e3eb058

SHA512
4cc86440bdfdc959da18a84cdf3b5c0ff578b664ec47d2aa1377cd05c8fd4ecda6728b1c8a0b121855f5c09f8e81dc3fdb1dca445b41c1bb833a9e4987a7cb9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
e812613b8af40f8e1b9fe365789a60eb

SHA1
3d2945fa2a7f03238c58817292293eebb5b2b959

SHA256
1201abcc1715386d2701ffe0f33d2a36d5b4cf5044e5cd50603d909508eb5fdd

SHA512
906e854f69c23d07ad2950ab0ee2838c4fe71c27baaa8263f98dea691cbf10fbba87f171415712b8cd3672dcdf573aeafce487e25015014a5730e53ff348f804

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
13b8cb3d74e9b96a002a705df963633f

SHA1
ac8ee7399365b8b8ecd9fa8ee445e0c42bafd6fc

SHA256
3d0a6e4a30f1f1d4dc9cfc1465117446e3227b149a6a4d68ec17631b71ed064b

SHA512
8f52fd212ff730d2f08ef80e094a9a770a9daa4d4843f3fa62f2fcf047b14a147c0e2319a721d29674e01acc3754bbbdbe2e1a37fcf3f1e364997f3fde6e9891

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\358c4bba-5400-4b11-bfa5-7f1d93cef42e

Filesize
734B

MD5
f6967712f8e2d9ca9c9c29fe864899ca

SHA1
1454939168cc644aeb26263f8d9ab331175fb40b

SHA256
deb3c2d6e6d92bdd59392c202c81e8ce77217e220577f2f974edfc9d5dab4d1d

SHA512
087cfa8839f9d16c18c2b0ce0ef7b5206e3fac702911b6fdff47e3721457b9495461c2eb5528883dcd58348d875efd2df0bf4a5285c1a1d5adb0eb480426a2f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
96c67eae4c9f8a3f057d8e76e8769e22

SHA1
bf3d726454d924b817e564ff26aab3f9d3aa2a69

SHA256
b67416cbcff1ab3cbfbdb31417d1eff164db11675a3278a95eae42eaa9313842

SHA512
dfddc30b6710e1845848a42e82f7d8742d73f0cb270dcf15292a37b0bd9524a9509478d2ba1d873b9a28dd6e3c1ed257d2631905ec5804262256eb9fb58d0d8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
191b533abf823e6cea91b7c9ad56ddcb

SHA1
1307d194614fc2ec90b4e10dcced493fe3975d16

SHA256
81b0d74610fc94154c99220c7ebbd46b77dacc1d3fe0e791e74231b892fb558b

SHA512
759e68a6efce516a62ddf358411f7933af0d7f2c917fcbf5faa5ec6ff23cfeee46649106df727ad2379a155c91238d41f933990149aeb49b34bfbab981032001

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
61576833d1531bd34e42c87c6ffae8b9

SHA1
ea7c592fb6548893492ad34dc58e1b7fd978d62d

SHA256
452b530615fbd60c5d239115be60570b4611b56d88ee9358f1c6a25c28e66088

SHA512
89cf9b52c19e0d822a3773ae2911abccd6064abfecd32ca8f10a28a6932143bba75e893a38e3c85ff2c6796d99dfb07b87412f14151f30dbcc01656046cb79e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
0828da3547300a8861ed64680f78ee83

SHA1
1305ac334e2b949531eea98588df612dc72dfb93

SHA256
da4eaf21058ede7a1fb12d674ed63d8803b64df54ac4b288f7a963bf30cdb666

SHA512
cc3ebc7615782f86cd4c8430421724faedc042976bf618acbc7799e24cbfd5d31c9ee4802896b37d86de96b03838f21403fb0b526ebe661598b9be667f897e4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
d5180450a897c555011fafb637adefd0

SHA1
0a01819bd8833045a280c91df8e4f7c2b1235d9f

SHA256
9fcb3b2f3d9e5c8c57c2cb9c3d196e84b0095b3014d6c9fe512f93d1bd8bf612

SHA512
3de74cd9012dcf8f732671171c1dba7c35ee9ff6966cd624faa4e4f855eded5d8664114070df970504255c2bb51cc62924fd56ef6a4452adb5fcda59b637cf55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c9cec2d314193c9bbaf613f718db5861

SHA1
f736ebe8953d622d32f71562ff540dc0bda4f8cd

SHA256
78c3b2b33c0efc909a8c0ea7b109b660936710408839c47e8915628e455aaf57

SHA512
2c817179a16269fb7e1deda0bba70180ad230b591c4606284627cd0d88488e3fbc747079d011e13a554dfb27350779f4167cc32bd7922c6421b34323e26f8e6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
04b97101403f498e7206b2d3527348fb

SHA1
9eb4e10825942131fae9b13ca9ebe4683c1fc970

SHA256
afca727e8dc900df92a43d42e46dd1d1d7f6fbee567c0dae9f011068e3ca45b6

SHA512
15af3ea6a407082e55ab985ff8dfdec9af17becea32f1a3d9c02533349ac5d9cc7d08c85d92bb82193bc21faaf44a4f2f6e09bead19581067cbad16cfd9d4f1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
179ed30ac3fda73fecbd4009599913aa

SHA1
259d5f0488dff15452b3d2563e184b497040f148

SHA256
221644972d4cd8321abc526a33c27bcbba4d52e3cf45f2f777f0aaaa8337c750

SHA512
a74e09e113f277ea68c9520cf0bb8379a2e5bd000aafef991da607d373259fad3dcb020bba8ba3cecbb6b17470169bc39dcba2eaecb6909ff3c6a001ac039976

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
82f2e8d6dc95470cd2e5084e38fccb36

SHA1
91a9ced9176bb25d67d2249e27c28ec9bd54d04d

SHA256
83592ef70d4c4f622ab9475cc92a5d7ac2df215c50740150f54f8e70a50f020e

SHA512
318edd1958cd382a4712f99667597147bc594a50e1035be1d279cdeea7d24ce0b4855288988a59d030505fd462a573d11242636032103e666bcc74019e806609

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
2826a67e356c033169cfb70e1ce1f652

SHA1
00ef357ff7dc48733c909a349a53ffc64041c526

SHA256
3e5f431cfa3c70e70e248b4440eff409237e55ee1c6306e7ab6160a081b15756

SHA512
d8fc23e43a7f2583bafba257e18ecbef2d8be9d7bc0eba7a33423029738c211da5b6b9c54e33df4749e8a238ee8f6484f2f2a46005f2cb05dc98d756996b2aab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
36ff8dffc9e8c0682a171220ebdad965

SHA1
07b6a7313f8804f79fc2035f2a4246baaf740deb

SHA256
40252dd120a8a5d6ccbf76967a259c1a39623b15b31c9c66c5aab12310a35d77

SHA512
06a9daff8cfc06b00deb31315dca90233b899bffb54b8c2fb787a85c1931cac73760fd1276939a8ad6c28f84718182192ece670e165668c0eaffd464268dc469

Download Submit