9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
445s
max time network
511s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (3).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1936	triage - Copy (3).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2788	firefox.exe
Token: SeDebugPrivilege	2788	firefox.exe
Token: SeDebugPrivilege	2788	firefox.exe
Token: SeDebugPrivilege	2788	firefox.exe
Token: SeDebugPrivilege	2788	firefox.exe
Token: SeDebugPrivilege	2788	firefox.exe
Token: SeDebugPrivilege	2788	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1936	triage - Copy (3).exe
2788	firefox.exe
2788	firefox.exe
2788	firefox.exe
2788	firefox.exe
1936	triage - Copy (3).exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
1936	triage - Copy (3).exe
2788	firefox.exe
2788	firefox.exe
2788	firefox.exe
1936	triage - Copy (3).exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2788	firefox.exe
2788	firefox.exe
2788	firefox.exe
2788	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3820 wrote to memory of 2788	3820	firefox.exe	88
PID 3820 wrote to memory of 2788	3820	firefox.exe	88
PID 3820 wrote to memory of 2788	3820	firefox.exe	88
PID 3820 wrote to memory of 2788	3820	firefox.exe	88
PID 3820 wrote to memory of 2788	3820	firefox.exe	88
PID 3820 wrote to memory of 2788	3820	firefox.exe	88
PID 3820 wrote to memory of 2788	3820	firefox.exe	88
PID 3820 wrote to memory of 2788	3820	firefox.exe	88
PID 3820 wrote to memory of 2788	3820	firefox.exe	88
PID 3820 wrote to memory of 2788	3820	firefox.exe	88
PID 3820 wrote to memory of 2788	3820	firefox.exe	88
PID 2788 wrote to memory of 4080	2788	firefox.exe	89
PID 2788 wrote to memory of 4080	2788	firefox.exe	89
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 376	2788	firefox.exe	90
PID 2788 wrote to memory of 4152	2788	firefox.exe	91
PID 2788 wrote to memory of 4152	2788	firefox.exe	91
PID 2788 wrote to memory of 4152	2788	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (3).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (3).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3820
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.0.119074672\18057836" -parentBuildID 20221007134813 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c64792c-3860-4d4b-9eb0-83a8e100009b} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 2020 22678cda858 gpu
    3⤵
    PID:4080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.1.211923567\361395829" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2392 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {109145a8-7bac-441d-9f02-a94de503b854} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 2412 2266c172558 socket
    3⤵
    - Checks processor information in registry
    PID:376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.2.291583597\1472441120" -childID 1 -isForBrowser -prefsHandle 3264 -prefMapHandle 3236 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22ffd261-9d74-43a8-aecb-e9a4c342841d} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 3224 2267cb9f458 tab
    3⤵
    PID:4152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.3.59767666\1146795527" -childID 2 -isForBrowser -prefsHandle 3060 -prefMapHandle 1748 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe1a7979-0afb-4a5e-9280-76e30e3506da} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 3044 2266c174958 tab
    3⤵
    PID:1068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.4.813489643\923363865" -childID 3 -isForBrowser -prefsHandle 3728 -prefMapHandle 3720 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f15c621d-65f0-47c0-b25c-1866c8aa8374} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 3060 2266c165558 tab
    3⤵
    PID:4476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.5.857888723\475188719" -childID 4 -isForBrowser -prefsHandle 4812 -prefMapHandle 4868 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2388b98-a95a-4248-8217-0ebe005617ba} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 4852 2266c170658 tab
    3⤵
    PID:1564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.6.123780875\1473158276" -childID 5 -isForBrowser -prefsHandle 4868 -prefMapHandle 5036 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f734cc3c-b9e1-450a-8f85-16ed6b912215} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 4872 2267eb39458 tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.7.1203220788\1855943191" -childID 6 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b673ce3-a280-4e67-8624-03b1b228bb9b} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 5144 2267eb3b258 tab
    3⤵
    PID:4752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.8.813371193\680502088" -childID 7 -isForBrowser -prefsHandle 3772 -prefMapHandle 5588 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc0bf7dc-af51-4fa7-bac6-696f52574925} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 3776 2267cb8c258 tab
    3⤵
    PID:4392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.9.386372059\138291425" -parentBuildID 20221007134813 -prefsHandle 6000 -prefMapHandle 6004 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35bb6394-c64c-45a2-a624-014f2c683ffa} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 6024 2267ba21b58 rdd
    3⤵
    PID:1932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.10.1443186938\473197822" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6008 -prefMapHandle 6028 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88580c59-0a18-4ebb-851c-13df8c94bd1f} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 6120 2267ba23c58 utility
    3⤵
    PID:4288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.11.1750303437\406172171" -childID 8 -isForBrowser -prefsHandle 4580 -prefMapHandle 4584 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07cc2d71-e5e2-40d3-95d1-e04a9e3eff2c} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 2832 2267b3a0558 tab
    3⤵
    PID:5676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.12.601407932\782949025" -childID 9 -isForBrowser -prefsHandle 1752 -prefMapHandle 6396 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcfc96cd-7f8a-4dcf-8cd7-65a4e1133342} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 4404 22680a96958 tab
    3⤵
    PID:5728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.13.138421957\2074042007" -childID 10 -isForBrowser -prefsHandle 5476 -prefMapHandle 5136 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9506501-0d0d-4e2c-9454-7c2620c27291} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 5308 2268080a558 tab
    3⤵
    PID:5200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.14.1953891280\786509593" -childID 11 -isForBrowser -prefsHandle 3732 -prefMapHandle 6340 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c6e4284-f7a8-4370-bedd-c7c6e469a538} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 2884 2267df15658 tab
    3⤵
    PID:752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.15.42633285\1486625752" -childID 12 -isForBrowser -prefsHandle 9532 -prefMapHandle 9528 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {212029b0-c2ed-4bfc-8803-49b7e7999f50} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 9556 2267e144758 tab
    3⤵
    PID:3856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2788.16.1211443729\971821372" -childID 13 -isForBrowser -prefsHandle 2940 -prefMapHandle 1348 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0b0f693-8b92-481a-bac7-fe2a6f99b1a3} 2788 "\\.\pipe\gecko-crash-server-pipe.2788" 9464 2267b89c558 tab
    3⤵
    PID:5632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\12636

Filesize
9KB

MD5
078b9f89ae8023efda4059cb815eb7d6

SHA1
76c432430aef269308a4834ea74d570f5c08e1c1

SHA256
628e54aa6f58a60bf16684988fd0a93b8ee1089d2e0b2659cd694ab7a49b3d20

SHA512
4d9730c95882fe7d206cdb7d4d79db79ce9b27534eb05fb6a1cdc7286ba96c128e0f120c854cb249a09f77371ce381b1c820272017e60530241787a26a88a4a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\14080

Filesize
9KB

MD5
01fd94390dedc68c76b38d9945f86b8a

SHA1
a5de2b51d8ec4b75db39c5c12898112bbbd7b154

SHA256
b967b2ad4f047ac90e47d205bcc2c88d478b35fb1eb6873e44bbf73943835200

SHA512
5db107989975ee240871fd5e95f1d6b077b0fbb9f268502a0fb7477c9c37d1b292b10d593410415cf8286d22db9118ab4c1a841ba201327d979545d5a20aa5a4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\17976

Filesize
8KB

MD5
c86d27f05c0eff860f9fa9a83a64e3a9

SHA1
5ed65b6d3159c5a209d93022c2db9aa0a3b1f810

SHA256
58f31ae9c1f74fe0b0edb4cfb573ce5a901a49f08340972062f7d194de81a23a

SHA512
cc06961fcbeebe1c7c8467bd7199bb5fa16897b78e8f7a878892bf7a20c500536914fecaa5b1ca9eb2b2525ac2fb242e8c954dd1700cbb3d4e653e5b3b55bf02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\1915

Filesize
9KB

MD5
2057d3580877e5d248a4b3a68068cb4a

SHA1
726f35c0de0e5d5466cdedbdacbbdc0ca41fab87

SHA256
24bf053457434a0809beb20d19ab45db5b6eb7770635a7677ac1cdd85f38d59d

SHA512
f94333371c3720c1ef9a298d115d386e2fe0398545692b927da9ba102a7100fbb82e4dd0a07d16838bcc7a7a742188aae847e5517fc5d836810578ffe8dcae12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\20398

Filesize
9KB

MD5
39ccb3de20ed4a0843e45c7c988df70c

SHA1
dd616cfc70e266959c51cdb753e45b3d83877d9d

SHA256
e1edc7addb73518b11e746d748d35b98cc65b138db73c6c5bbb820e686dc9d81

SHA512
d50bf0872b6f13600a7e6a4d9eca01750acbcfccbc7e99f384bc3e7ee2612b3df1cd35d145d93b154949aa57c5a0aa0b71d116fa3c5340e026a37e1c510cd544

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\21535

Filesize
9KB

MD5
0ff801ad678352fb8be404153c9f56b7

SHA1
382b6e21a12d67e41e1fe146c6e5031d277e7c8b

SHA256
c64ec6a60d34e5b140ee1e40473f81239852c91472c1289290f0bf8a6ab10da0

SHA512
e1b312cc55e8f2e665736c4a2e680d61e34309d08e170f1014acef0d3397897d0b2a5d5135165ec79472226285f9fa03de9c88e353b0fea69bdf23becfd51d23

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\3230

Filesize
8KB

MD5
42bdc3f186db9226b4f7bb5e875503c7

SHA1
2e16a53dfe6d02bd1703e3135f63e9e80996b606

SHA256
07da68c46045782fbbdf8af8fe7156cc0e8a0eb76c34423e17dbe38a6600dec1

SHA512
38dd6f2eee510a35a8e401800a3e968bdea2db4ed6407906b1b752dd35b1c2a0ff80ea4e1bae96522f67c45779c323f98bd0c76a2ceee11115ed0a00ca7a30e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
fb19161aa77006eb9ecbcd81bda2824f

SHA1
2d621fbcc3eb6b74161d6c016837dd66c3c27c16

SHA256
2d9e0b3f730dcde3dc248bf8cef83c20f65ae3889d00a7acf4783c89e27b271c

SHA512
98b17d5ffb28ba171e2a14c25f2be85b1dbe07e2afd8f1003657e44ce777b15d767ae8845cbfe76751c56568d3b78b276e26c51ed41a5544b7400a284dc0197d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
5d2929a442d8e31b6fa5f20a7b6735d7

SHA1
da5d51097bad0d4206d1f615daa69db77d189189

SHA256
5d9237d34d9d2ae42c0ed4425e701a6980fc4a3b268ebb774a10746cda605ccb

SHA512
1a220f6752528b7c79068628d34df1daad6c78d8fec55760be73d64cccdb2026884926b59a71e93be5bb0e54c31b6001f39f11cb756399fe6ac25fe90f46eea2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
e9edc5dcf947340a20b6de2485d158f4

SHA1
8238ffb82326bf2b94068a3dc922f751df28546f

SHA256
f91ec00ca358d06ec4cf97b1c0e91589f0837686f948b01153e9856225745395

SHA512
78d133a40f80eeba91fc469f3a7f8913a79bca5de3ac6b9889de8699e8bae0dc91a4d9b3f33a66e6f40403008712c99219d4b8c147be6dbe5833ab51b0d7fa64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
240ba8559eb2129c9de23ef68fb49e6d

SHA1
bc37cc5e3dbe368918d503e4304aa90006fd99d7

SHA256
b3fd0ee397e7e3214cf9076f4fc07e22ac7c89c1f15e3dbf2fdfb4f9e697b1ec

SHA512
ca97992adceb23b333c4c8fa57c28177fafe69a2472a774907a2119111c906f2b97552308c572e78abace3e1f7a61cf402f46010d8664f68b3554b2792aac7ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
5bcc4e0138ad722437c4e5289f91a7ab

SHA1
02692ed21763d44be18cbcdf24cd9dfac1f2c9fe

SHA256
c363cc1dbd61970939ca1bfba28ef3afa258523a5c822ec0ec33f61d04987bc2

SHA512
26a916c2d060c5edcf16d80b5934ce9265d7524097f008955ae5d1f3701601b48b5885b3b1231b77e2a8028be081544dde84f51c26d8d46fa87086fc1c041005

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\pending_pings\11e934e9-0efe-4251-be35-a4f2366a46c1

Filesize
734B

MD5
15efb6cb0b12bab39c5338d24a302986

SHA1
9f5b7e1bcef7ab2f474838e0a0357c8933f5a158

SHA256
b45b68ea851214012f4136d1a35a61c1e60aeea479b43831e5f6535bfa70015e

SHA512
83584843ec8d507d41147877bc6730fb3507ade57ff759a392cb5f1ed1e5153f4d246985a0070b383b79d80c60287ace95e0083bc40497a4b359545b074f03f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\favicons.sqlite-wal

Filesize
352KB

MD5
3e248694fc815f3e6488481c8482c461

SHA1
59fc85cd23f1e86cadc6b2c5d37d0748aecc6de2

SHA256
92722e9cdb19b305571de4fabd614361ba9c1761d10963249793565093f8e607

SHA512
0e228893c558fd59d2bed579db58f222e53d2bcab6def89e45cbf401713706670753d7085047f6ace53a43c4f5570ca811ffd180f2ae2721314e7b380eb1b42b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\places.sqlite

Filesize
5.0MB

MD5
c1d205a5a4edf1a94557d36448a0793c

SHA1
46ca576aa3b5da746507dfbaaf0d6b2b5410aaa3

SHA256
3293f63cef067ff5d1f7bf393d615f1e6aa84810a8a10cfb09753407fc3ae323

SHA512
37c585ca63fe6e5e20e2af5744ed1cfc7d97c3d5f20552e78423b83733a2b7647c3ec130270b942228d423cbceb892307c4260c7fc8d79d8be934c2182764c59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\places.sqlite-wal

Filesize
2.3MB

MD5
3c1c0cda57b9e95702369574eabafa98

SHA1
6cf93ae0e54d82d0567269c4ed1b140fd219707f

SHA256
0a6f1dab92a894eacd843777bf62a5c31150e85f95161556f50e3df03c050b28

SHA512
cc973ccb0c2a36c0f61b2d12daf83203e08f841395126d8b197018e10a49b389d7da947c01fe847d510d0f74202d1e04c6496bdc5426160375e1aaef027d0065

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
6KB

MD5
ddc6eebe4be16a39d8321153a5278aaa

SHA1
f657ad0016f372f999ef575af6becd10ff0cf845

SHA256
d245bf3e589bf2adf07214ae8f267a023082a98c965313ac9e6a357bc8f91eb7

SHA512
03ebdb5fc0a6d9352c97aeb88163ba17ad9e1560d278b0878b6009da06527b0f1e39c3484d5adf2fc2eb765be01cdd1437f0ad65f7a2e83219f920aaaa6041a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
7KB

MD5
aad5aff648334f192b883d1903b61c42

SHA1
ae26b953acd298ed56944b422390092ef5904242

SHA256
efe8cd4da470e5649cee09da2dbbd04713c1aa70c45ab8f133141643efbea64f

SHA512
676dca885fa402fd5995bed6972a68cf8ca3ba998ae03d38b27d43acc2071faa395956334bc1a950b595d083b6497aefcc0bbe8a7ccba874748bf8f311ef2012

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
6KB

MD5
4ebeaffc6e682ee3151ff2cea34c323d

SHA1
61c08e1c14473c78fa3f6668589abdbf02537227

SHA256
2e19dc2fecd395479beb16c204f40c28c8911544b745c81160a414e3aaf3a9a2

SHA512
9b009c925e26d181a9124a910921f11da80a63d1f213c96f351115db51c556aa65338d58cec6de3caeeba18e5c381cf83be0230d75d4dee655b425dfd88db4b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
7KB

MD5
a0e9c9373f3c9c253d002d54f4f8d4e0

SHA1
9657a94064811eac92153481152585c7d8e1c8ee

SHA256
6272f9f4a1df56817795529fd1a9f1f07350c00a746d3b013adfc08c730ac207

SHA512
51a6637b3654f401c2a26a72af13eb15622bce057e2529a12ae8c8b6ba9bc9b0a58dcaea9e8373132ad65aea143fc0bdae9e5fb14ef6174b7091bd96d029b01d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionCheckpoints.json

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
67ebfff126415f51b499fffbb6655512

SHA1
02d82ed6bf903839d77547faf1b226666ace366e

SHA256
9535b22cc9d3724c3882fe78fa5308a2557fc1b0ec01ccccf027ffcd58bd85af

SHA512
c76541bd0a61b748681a28fc4519c942712aa1f41f0b13d88fc165743c311bc12ac1fc6b0156888721ab2812aecd99b427e0c656b0e8ad45e83094468e2fddc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
cb3e8072fc1a4a257ecaf1ed2c3b6965

SHA1
b8aca70c4aff7e61e02748e4b86f9225db28312c

SHA256
7cbf1bfa84340b8a6b0bdb9b1c819bff49ee5f95b09c8c20f9c6a76c36b16f9c

SHA512
7e33736693a55660794dc14c119fc68b81e86b564835f485396eb29b2c602905a60bd061e1cea160ff2cc5a7b0b864b816545e987ac0a591b3ebbc815c6293a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
99f289a2827d9f762b4ef7c733d04fa1

SHA1
1072a8034534555fbb4de2c66440d91756507cf1

SHA256
55e4320a7dc359012bc06c0021b9a2bc11b4c88e4f6ddcc2d61c125542ead61a

SHA512
f1e15255c0706ecb9694eabd8209abdc0f813d89e6d6cb8223090074f460e9ae72c62dbe8c2d9d8d901a61f2c12a6f860c4639dc2bcadd1ca76073db0b1578cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
7752e5e7db790de8836973d762fcd18c

SHA1
1683a79fa31886e62045cef1e81fda680d800084

SHA256
a02e38548e60713fd3343a030ecb8cc2c46bcc55ee189b91a5dad0afbae97692

SHA512
12508bba1b5be735c5df2ed52a2a17083ef5dbd8a8a15de6a6f6ce438ec3fe633768cd26e8c56fee7094445bf4aa62adde3bb9506e25fcbdd1c8f4a984ee386d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
8e8952503ba984aef6806960c8433f1e

SHA1
5b78209d347e106f98e1711a5a933b55b81731e3

SHA256
29a28acbdef19a87221a7e4dd3f29b227eb4a165ef640c599a7f49331409911a

SHA512
331ce003881ac051117c62f4055d9621d8e94739110f37f79efb7e635a5555803df1b8add6dc75ba6d91393eb971aa9cd942e11c0084befc742953a1bcd0d422

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
e511f4d10fbc3da837098dde80e778c9

SHA1
ac195720ae2ddd1d41f211ba053a4387c7093fb9

SHA256
53b25d462a75537ac8c9592985fff2d6ed10926153746526b4c80056e54ca736

SHA512
7a1ef9bbcc061046d2abcefd848132858d63ee2c903495598323bca581f5e158ca28dea407308c89ab192092d6b615dc28bc67b67cdc84c26d3af87503e264f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
8ffc111eed3e6a10dd9bf7b4fe3973be

SHA1
4c100c821cd5478476267b681fd8c83cc4e82d70

SHA256
a51dcc5dff7cff2f312853af268cfab8211d8cd86d3df61a438205d1b3286cc8

SHA512
9217991368f6663d12117f711f3e4a25ccebfa0d46c702a267682f2287559b48b8e6f7653d48dcee23732da73a8c7ecbb95c9f94455f0e5207087c698c6944d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
8d973380036443ee1e548fa75d87182c

SHA1
664bcd5299e580d630cd94750d69796fc98c6baa

SHA256
c921eb945925794d6b5812d7a87cb5ef69f95ede1b634668a83a88ccb76f907b

SHA512
290aba5a4537e4983969b57231f0a9a5efe99d4200ddbde9224a5484cdaa4dec2c59e50b76ca2771a34220aa32edd54d1cb234b1a24fe236ec6070e41440e340

Download Submit