9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
71s
max time network
82s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (27).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3560	triage - Copy (27).exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3880	firefox.exe
Token: SeDebugPrivilege	3880	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3560	triage - Copy (27).exe
3880	firefox.exe
3880	firefox.exe
3880	firefox.exe
3880	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3560	triage - Copy (27).exe
3880	firefox.exe
3880	firefox.exe
3880	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3880	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 3880	5112	firefox.exe	97
PID 5112 wrote to memory of 3880	5112	firefox.exe	97
PID 5112 wrote to memory of 3880	5112	firefox.exe	97
PID 5112 wrote to memory of 3880	5112	firefox.exe	97
PID 5112 wrote to memory of 3880	5112	firefox.exe	97
PID 5112 wrote to memory of 3880	5112	firefox.exe	97
PID 5112 wrote to memory of 3880	5112	firefox.exe	97
PID 5112 wrote to memory of 3880	5112	firefox.exe	97
PID 5112 wrote to memory of 3880	5112	firefox.exe	97
PID 5112 wrote to memory of 3880	5112	firefox.exe	97
PID 5112 wrote to memory of 3880	5112	firefox.exe	97
PID 3880 wrote to memory of 4988	3880	firefox.exe	98
PID 3880 wrote to memory of 4988	3880	firefox.exe	98
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3152	3880	firefox.exe	99
PID 3880 wrote to memory of 3188	3880	firefox.exe	100
PID 3880 wrote to memory of 3188	3880	firefox.exe	100
PID 3880 wrote to memory of 3188	3880	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (27).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (27).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3560

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.0.27348198\1828666154" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc4ca44b-2e91-41d7-841a-66e89df1066e} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 1964 25abe40a558 gpu
    3⤵
    PID:4988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.1.1796033881\1758244848" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08d67144-fe6e-4804-aa4b-3adae0317f41} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 2364 25abe40d258 socket
    3⤵
    PID:3152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.2.26841726\321850521" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 3048 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17c485ec-b478-44a6-ab91-31a217fbaa41} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 3116 25abe45c958 tab
    3⤵
    PID:3188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.3.748802738\1561366657" -childID 2 -isForBrowser -prefsHandle 3524 -prefMapHandle 3504 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55ee0e1c-95d4-40bc-9ec5-82f7100b453f} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 2400 25aaa870758 tab
    3⤵
    PID:1836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.4.1107534155\80172557" -childID 3 -isForBrowser -prefsHandle 3744 -prefMapHandle 3644 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45281ef7-1dee-4134-8ec7-55024ba7b571} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 3756 25ac0ecab58 tab
    3⤵
    PID:2860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.5.777556841\1765549026" -childID 4 -isForBrowser -prefsHandle 5200 -prefMapHandle 5196 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbd0831b-bc6d-4b42-b1ac-6e71c1347fd0} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 5220 25ac43b0a58 tab
    3⤵
    PID:3036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.6.1985885029\345229687" -childID 5 -isForBrowser -prefsHandle 5224 -prefMapHandle 5212 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59dc2145-5701-4e01-a738-c3fad652827f} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 5280 25ac562de58 tab
    3⤵
    PID:2072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.7.27440433\1911729327" -childID 6 -isForBrowser -prefsHandle 5244 -prefMapHandle 5236 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48c2af76-2530-42fb-b614-a7f27e3ed5a5} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 5392 25ac562a558 tab
    3⤵
    PID:3488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.8.1289548515\197151700" -childID 7 -isForBrowser -prefsHandle 2952 -prefMapHandle 2804 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7eccbdf5-4ef0-47b8-8a10-7c9e0596cab5} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 2824 25aaa86d358 tab
    3⤵
    PID:5484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.9.70392380\1815317574" -childID 8 -isForBrowser -prefsHandle 5864 -prefMapHandle 5868 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5ca5444-abb1-41dd-a95e-cbefbc14ee32} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 5860 25aaa866e58 tab
    3⤵
    PID:5936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.10.1662433856\1409418320" -childID 9 -isForBrowser -prefsHandle 3136 -prefMapHandle 3712 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17b96e46-d8ed-4f42-9f59-690dd8f3099e} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 3716 25aaa861658 tab
    3⤵
    PID:5432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.11.519653839\1087309483" -parentBuildID 20221007134813 -prefsHandle 6260 -prefMapHandle 6268 -prefsLen 26725 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fe2d01b-c0ae-4abb-b752-df470218f8d1} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 6188 25ac372c358 rdd
    3⤵
    PID:5932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.12.788390571\890489957" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6400 -prefMapHandle 6388 -prefsLen 26725 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6389c4cf-6c7d-4b46-9e84-04967e3b4172} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 6376 25ac5c27658 utility
    3⤵
    PID:6040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.13.150668956\718551808" -childID 10 -isForBrowser -prefsHandle 5760 -prefMapHandle 3684 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fa22fd4-9826-451d-ba1b-0e1dccab47f7} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 5740 25ac179bf58 tab
    3⤵
    PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3880.14.446825766\1474596937" -childID 11 -isForBrowser -prefsHandle 3616 -prefMapHandle 10332 -prefsLen 26772 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba5b7015-ef4f-4d83-9212-146c86f12979} 3880 "\\.\pipe\gecko-crash-server-pipe.3880" 10480 25ac6573b58 tab
    3⤵
    PID:3928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3712 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:5800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\13306

Filesize
9KB

MD5
8e503a228f7d8db6061d69f5c4a5bb4e

SHA1
b2ebf4d04df1a824fe1c73d290cd15ea6a8a680c

SHA256
1836146c2c8017ef35d5ec516e3486effe951d3d7d9b61f49d1110408b320e2b

SHA512
0f9c0e425937cf0db7dc33a0be91ff3234de7887d64bc810854e4f9396551ddb5488b21e08d3363f7e5b592d6867e3cf960a32f34423a1c04045680f9ab6b338

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\17692

Filesize
9KB

MD5
7ce8b69262b2075307c687a23345ac81

SHA1
fbe664cb447c0584627195886a6b429ae5170ca0

SHA256
4d843cb4a7aeecd9aabd42a507ca87188fef3a88e83c10a2e86b88775089d783

SHA512
7b7da8b7cf936c60a79c4b84310ff52ebb3d5f088212cf285f98abcd8c7d9601de1c2ca09978b6c3647d8c9f60a0fbfdb43f45fb2d51c37e7fbeb38c89a530cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\19427

Filesize
54KB

MD5
fc1bc60b35ae7f822f3e550825a0ade6

SHA1
230a5d2e1ff110091f94cbd2ec3c477551b5c3eb

SHA256
c02c0a7be9eb3d35fb824ee21f149e6ca8f13c2288d247c7ab9f04537b9b24a6

SHA512
af6993e9633b1089655195aaf407e545d30c1a04e04fbe5623875cf459e13efd22ae44c8b6da846d1cf2657a981d71973bd90451f0299e7a68a6c487cda8630c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\21101

Filesize
8KB

MD5
69c906d2cde7c6913c3f3397ddb034c2

SHA1
1a6a7ac00dc8399fe9fbac93e3a66119ff733ece

SHA256
37a964bd3c1f4334fa6bd37dc18ab6e77d95a14f4b3f39597b35fb77222ccfb6

SHA512
a3812c9f10a7a83175b240253dc3afcc1e77513fd53cda393f81a27adbbec75eba9f0db0da16a677265101c9bb4d44cea9530bdaa34b19d3a9137409705b2b9d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\23793

Filesize
9KB

MD5
2a1ec262a7a411cdc64b4b76846aca77

SHA1
d6d9761136617158323728dcdb41e665b3c086d9

SHA256
3d2b6188d10dda933464d56e76cc96a9dedd65c8afd4bf1328a3df2ccb2ab04a

SHA512
a9226a6d363ab995fbc14b6b800e46fafad12002abc2ed9786b76fbd9c600732f4f71486599f696fa3a50e3b5d3999f08a0dd6e4c7569c43afaea038bb4fcbde

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\26351

Filesize
8KB

MD5
0b4f9fd6048edb5e3bd5d738ed5d7743

SHA1
e9c5af7e62181f33a9390d32d01f1fa5c6aa8084

SHA256
b7ca4b926866f07273462cd6178e6ed758683ba88c34e0a7612d93694f37803a

SHA512
bbd23d59bf5f950d12cb2a641abe593595d39670c987e89ca31c1d6f8943c0b2267a2832105837ac3d0e7c4b0e19930bb588371a7e41d8d37513909fdc67c6bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\28268

Filesize
49KB

MD5
32082c87c1e8216c2b39706fa9af96e0

SHA1
4f9362cb8fa0b9213a990abedf2d46f4de1d0826

SHA256
c9a0a65a5c11519822976d41d7db937c958b88577eb3ecd4f31c674f1085d41c

SHA512
ac9d6fd02d40a938f74542107148730b61a95f4123cffaa29f29a0ec5974201d4d2ea4a46bb3578a3931944ade5625e1e7aa071a73647ff5f59b274b5420f15f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\29304

Filesize
9KB

MD5
b950960cf7e59472b0e62705018ada05

SHA1
0e13a55c2fab57b2439ceb8afa734d457d91985f

SHA256
3ad3fb08f64bdefc2ba843beb89589ded6ebf95cc711ef7c878c69df68551423

SHA512
370338db1175427601ffd7f17b407959948e0e674c89e979a51f34c9fabcf9eb637cf8af729b00d7e98247f28680ed3722951024a59d94622ecea8b9ed2b9c87

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\3386

Filesize
9KB

MD5
d5c53aac2411fbcb70750c0ac854fc2a

SHA1
e0a11d1c416f6365548fa856e2a64196960a66eb

SHA256
f78b62b15a77bdfefa6d33e993bb66f13f3c895331ec44b8758c76e715a87cac

SHA512
bd6494179bacac8ac9e06109fbb74a07390ac6ba04af7218728496a8d8e778b5dc044292a000c45740d7a28225c85d3ff768f46ff792615024f84a27a778fc91

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\6579

Filesize
9KB

MD5
61fb178ca0dae5753a8cba17b7a14216

SHA1
b59740c64c011e5adabb2f523bc904f56c43bafe

SHA256
4fb151e288ff6b5a27e4f674a52f08b6458cfdc526a3212ee777200409646243

SHA512
b766fb59b27126ecc710bc1cdbe0ec7352752ce91ce92ef3601aeac8c0c83b8b3e518d7be63bd880e08ba8d00c1f5b376c2c1c5461ced288c80896ef937269f0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\D82ED10047F78B4F750CAA390C240BAAC50F3BAE

Filesize
10KB

MD5
54b001582cba9c74e5a896c731459d19

SHA1
8a27ce92fa3a9e3e2aa13898c591dc9cad5ddeb9

SHA256
e0d6904c6eb0bfaa2420118a7ab8574320b18fda4b88ef297386d4f124541c56

SHA512
8b5c70679407fca84c7cf919aa8147c2874a03812f3893f50500387893e70ed6e9a8b5361a8c5c9f2db82dfdf92c342e20f25f13296f639fb3fdf148857a3172

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
fa02e1fd1089179ca2484a0dfb6309b2

SHA1
f29037fa6ccdc769cbc9cb709024297a53ad664d

SHA256
5242d5382876382bae47fbdb2453e23feff3cd4816f72fe13fa583df19cfe972

SHA512
512452c5aca4ece7924569e27b1f12a44c76ef55e3510783009f373c4dce9f187f8c64f592b235c1655aa57bddbb0ec5d24fba50329eed2040fc401debc43f9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\9455f1cd-80aa-412e-907f-745d5de5923d

Filesize
734B

MD5
1d0230b7b4ffb15604868833df724a10

SHA1
2620d8c22b5198a75a02b6763806b5c7bc40668b

SHA256
6aa87cb3af10181046a14fc9ded621af817d73be5142253deeb60ed7d0624103

SHA512
d5d4f78aeaf8f7f0690d8d50e1e56256e969c8e8e8656ce676a5c710b4f80bba1269627ba6f4ad27a13ead4e3ba8b333e059ca6ac3ffd6a1b17cd388b6900e90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
462c3158c5902474c6832dffd9091967

SHA1
09e85150e6b995cd0fcf58bbe8992796db26141d

SHA256
4d4d35dc96c18a5b6ce8f1e03789e8a35e723d0fc05313a94272e227d4dddc61

SHA512
3041932f733b5dc408c5b4140d9fb1deadb43fe825e4698d4141939106fec5713786f37742f8913ebb2689a9537c3ebe79db65f2295583790765576dd870eb5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
900def2cc5a795681fcc493485e5a472

SHA1
3391fd0595b3769498e3831ccb0abc2687f85fbf

SHA256
76f76d0673ccbd6c721b26230ffef3a1ef58baf9906caa23127c26b820d6404c

SHA512
57468454d494a59bc8efc354fc3ef2d5c7df565e412a554193a3edf3b85150bd4cdfac7f8b1efd2ae6241993db9ea3f24e6c0c135b68776c8090f6afb186751d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
cd01a5df7bdb313ef958855ca26be013

SHA1
6583f67c441f5117c1a6be6780c62273f5843cfb

SHA256
de0a328f9faef3f91c7b35449a12c8cfad5bf4693c8edb071bf74bf85adff5cd

SHA512
1aad1568ba2d4510a2b063f4b283bca5170c85d53c1745cb3af498f351164d50f54ff7b7579e581308e1797fc18ad87961108cd6a60dfc45339e3ee6e04d0cdb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
ffe03eb625033eab7e5645a14ec1d113

SHA1
fe31dc4956b1868a67b7e009e9f6cf9df53763c0

SHA256
5027ba159634f3c0b08d5992805603df87da23900d2a558b3a0efb735934a628

SHA512
006b81c7e0276480744fba868afec3bf8f176c2389399d9bd219e5447b1a64afc84ef3870a9b23816a58074c8499c8634ae1e841b17ff62f7b1a249fe4fcd322

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
2c17cb09b8e9bf0f50d923ec35a4e323

SHA1
0d196c25973bb2beaa7c0f1264aeacd00043b138

SHA256
05e397837d7e382d4bca624de64ce01f2f7737a6d9baa54bb415e390240da667

SHA512
939ad3741c284f41cf9ced1c238fbef4ac02a40b60d7a731d3db14561ce1b5cda1bc6c208ce63eca5aa32391a830eb85cbf15857281bb41c4bb15b4367dea3dc

Download Submit