9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
125s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (12).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2244	triage - Copy (12).exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2244	triage - Copy (12).exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2244	triage - Copy (12).exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4828	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 4828	4452	firefox.exe	89
PID 4452 wrote to memory of 4828	4452	firefox.exe	89
PID 4452 wrote to memory of 4828	4452	firefox.exe	89
PID 4452 wrote to memory of 4828	4452	firefox.exe	89
PID 4452 wrote to memory of 4828	4452	firefox.exe	89
PID 4452 wrote to memory of 4828	4452	firefox.exe	89
PID 4452 wrote to memory of 4828	4452	firefox.exe	89
PID 4452 wrote to memory of 4828	4452	firefox.exe	89
PID 4452 wrote to memory of 4828	4452	firefox.exe	89
PID 4452 wrote to memory of 4828	4452	firefox.exe	89
PID 4452 wrote to memory of 4828	4452	firefox.exe	89
PID 4828 wrote to memory of 2404	4828	firefox.exe	90
PID 4828 wrote to memory of 2404	4828	firefox.exe	90
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 1580	4828	firefox.exe	91
PID 4828 wrote to memory of 4944	4828	firefox.exe	92
PID 4828 wrote to memory of 4944	4828	firefox.exe	92
PID 4828 wrote to memory of 4944	4828	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (12).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (12).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.0.793375489\1226950354" -parentBuildID 20221007134813 -prefsHandle 1928 -prefMapHandle 1908 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1022903b-d125-4b5f-a18c-89362d490bd2} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 2008 27c7cad3458 gpu
    3⤵
    PID:2404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.1.1353658703\4770946" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed589733-b46b-41f8-aa0a-38e20c4b8dac} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 2412 27c70070d58 socket
    3⤵
    PID:1580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.2.1212635308\1701235880" -childID 1 -isForBrowser -prefsHandle 3188 -prefMapHandle 3156 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ad8b518-c0e4-4008-8ec6-18aff30802b4} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 3068 27c021b5b58 tab
    3⤵
    PID:4944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.3.1009706434\278587285" -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {398c5518-99ee-4f88-84ef-22050afaeccd} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 3620 27c008eb958 tab
    3⤵
    PID:4620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.4.1059623947\1548155715" -childID 3 -isForBrowser -prefsHandle 3972 -prefMapHandle 3968 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37843401-a153-4a7c-93d7-647989c27a92} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 3984 27c034f5858 tab
    3⤵
    PID:1088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.5.333787355\363115723" -childID 4 -isForBrowser -prefsHandle 4964 -prefMapHandle 5036 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e10607ae-be63-4c87-b7a1-0e292f47cf5f} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 4784 27c0216bb58 tab
    3⤵
    PID:440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.6.911514040\1950484540" -childID 5 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1c89573-5ff2-484b-9602-2efe5c24e2fc} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 5216 27c02794e58 tab
    3⤵
    PID:1020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.7.1732372722\1658654916" -childID 6 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4407e1e9-75d2-426d-b5f8-53a12bd0100d} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 5408 27c043a8758 tab
    3⤵
    PID:1976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.8.509768918\806499159" -childID 7 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93105922-5cad-4068-89b8-0b257c8aa346} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 5448 27c05b36858 tab
    3⤵
    PID:5208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.9.1011379503\714968672" -parentBuildID 20221007134813 -prefsHandle 4696 -prefMapHandle 3980 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {331d58e2-cec5-4265-afb8-e810e00781fb} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 4316 27c0214d858 rdd
    3⤵
    PID:5484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.10.399204321\772900123" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4692 -prefMapHandle 6140 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ad9bf3c-877a-4181-9c5d-5078dd9e476b} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 5616 27c0087a558 utility
    3⤵
    PID:5508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.11.1138134361\1037533111" -childID 8 -isForBrowser -prefsHandle 6256 -prefMapHandle 4116 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee05dd6f-3d21-4114-bd9b-a4b7731078d6} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 4216 27c043a9058 tab
    3⤵
    PID:5152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.12.1306217653\812133099" -childID 9 -isForBrowser -prefsHandle 4148 -prefMapHandle 4216 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {caf3ffc1-0441-4220-b5fa-021f70a6b0a5} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 6284 27c05b78b58 tab
    3⤵
    PID:5260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.13.167073137\269819601" -childID 10 -isForBrowser -prefsHandle 5696 -prefMapHandle 1732 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5d3409d-1bd8-4cf3-b8ae-970b0598061d} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 5796 27c05f7b558 tab
    3⤵
    PID:6048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\11513

Filesize
10KB

MD5
eb2f231fcf1e2707caa896e3548800b4

SHA1
a93a2d2fe19d4fda96218a8a00a38fc23ebf5288

SHA256
0047771a570bd28cf083408eba2eda17d873dfc564a996661a0eed38d70b86f4

SHA512
b91a356aef711d0c178754f06693d728efcc0b01370dad3b24b9fd4300650d99b9d28b5c9806a22c66ab308bd49c62a52a469e59201332042f21a3b3e7c8fab9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\13430

Filesize
9KB

MD5
630ff19d35e4f60bcdd08310ec2fef94

SHA1
9590253c7f6ae44150588625779006fc9310196c

SHA256
04176c422447c34f7a53e8bc3182e0d0b0be29c57612fe45d353d4f215bb6b82

SHA512
cec39b9aedd00674f0f47e4e9e53b00b410b9d00c6cde132744db12462edeeb3591e57d3cd0defdef669b68d72b0606cc5fbeb4ecf0137e6f03d27aedb082e93

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\14441

Filesize
9KB

MD5
b1f48234ecb8a4fb2f37b1bcb7c0ddf8

SHA1
ca86e8ac8453ad762ea9db8b7f2739c907d240f4

SHA256
4407b002dc86db2e79583b6d0e4f12db2feffa6445f28d5f261f92e14c884695

SHA512
9db264d3f5b919659b48ea75dd2cafc252e629fd96fb1bf152c0965160487ca133fb815a2e07c5dcca530fd09d5f988d0f7a09ac703096619ae137e60d6a4cbc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\18202

Filesize
9KB

MD5
1c1e94468267aa00113bcf0a8b077a82

SHA1
e1e61a13b2f567b99af7076ef916674519c6d66a

SHA256
4f2aa92990b7194d0fc74d1c135f021ab7ef83f29fe09c644122b54c493fc798

SHA512
69c9f15c42e6950e4b4fd9b2f31775abd25bf815be0755e25a2cc68a4f97db03887700e3268813c5ef74feb3053b92f17cbb9cea17bfa64a73568ede1be1ba19

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\19177

Filesize
8KB

MD5
6ff9243e3e695818a3458c2b6cd14f06

SHA1
c094fdeca62c8c41ae3576667a0d60b0781c49ff

SHA256
b983967b00e48c105269d37d2c97f4f97fade36be3dba95cebd91e097e10f306

SHA512
dda2451f48915e1d960cff82739c13ce1d43403587d663aa1062a167a22a34aba31ce718427bceb662885b865b83fb93f47a0aa2dcb2f9d85f8c303844d8c617

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\22589

Filesize
9KB

MD5
079841a63a7daf9085e55b545ed7abc4

SHA1
02cb31351b23b55cc2451675dc5ac5c5b5efc01e

SHA256
6424dda8da94205701cb9f8e1f97d8166f2962ee76aef9641e7256af1925f6cf

SHA512
c8260999c9df9af06ada1313d4267ce05ba11b5aaf008d81ba7ba32049705e1327659c4195947320f13c84146836b581141e309a6eaa734c7a8eab792811b5f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\28405

Filesize
8KB

MD5
4fa928c667cf01fa980d7ca542f58105

SHA1
726f4b7467fff4e07be771b1e691bc2303082230

SHA256
1cb28e9d582844d82ee8db3543352b189c94aa2af62749ebb824fabee259a254

SHA512
c1e8158ef9799924fa6d833ef00e8645a9b1d0998a5521b88d3c85ed529b45dbb6c9e9a59c21d273433e4621e92d153fd92650a85e9b10c5134d107a3106dc81

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\939

Filesize
9KB

MD5
ad3e2badee3f6b227405ca250839cac5

SHA1
84fff5f9acfa918869b7fe4f1027f931ea37f539

SHA256
643acf27b9be9a87b7b2982583a1c9488e6c46401e0d4e424f691d6ccfd3b014

SHA512
42032948eb919afaa719ed55de611799ab48171c4a60f1341923715e5d346eba46a6796b18bd8a3dd548ce42388fa679ef5d1a9d67ede592c5204035847a6c80

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\entries\52D6DE9CB6806448C8C808EA8977B9006B2E8A5D

Filesize
10KB

MD5
d4e3cca64d8d9189f7b8efd7a41db1da

SHA1
288ae4844abc88f11e4e50a68881f83547eed7cd

SHA256
c73aee5dd1684a41bd4b2b777d700cf701ba1e86bc16f2a309f591dca739d0a3

SHA512
84ad39c3ecac43907485f318aaa9b73d1ab8191129ebe7e5dbc52a11778fe524b55b6d17820a1bc2481b935a0edfd0c3cda3896c09d97d78cc055a7fc4e10a47

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
044063da6cb1136e635c053304823ff1

SHA1
625fbb2b46e258c28b9e02a29c57e18625a03efb

SHA256
d057f2eca1cc7e0618ce0f1cf5f10fd97ab884d05d3a5d779c708faa0d93e650

SHA512
6d1143e628a4811315b5ae5da5f95085163e7b969e0c9376a973afacd63c05c26097c573a1445beae25c769f204d30e4442f5c2e67d725b151f33521c08c2038

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
f8e738d3e9cbb80a9522983bf27076b4

SHA1
24b3469040c90331c843b51deff7d26461122e4d

SHA256
0d356bba0b226789dba5c35ace63a03d872f196332465ff752f26d3db895d687

SHA512
147d239f5a8a4a852b5a56a01ae893459b9c87f8c704ad326accbd348120f9f0a828dae22894b346f80f8bbed343f36a651d673e7bdbaeeb45ae3b127807e2b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\pending_pings\432f72f2-d7fb-4845-9c15-13a1cb824e17

Filesize
734B

MD5
9c5c271b26fd3c0b749fcacc3bdaeb8a

SHA1
df7fb9fea91ffd1a2bf45867a1ee6c5286257fe7

SHA256
9a3c067d711c22afb5cfaaa25d39c3b8aef62191a32fb734417dc6317871a842

SHA512
1e87fe8b0b8d332cf551917a37ac4426d98edeb457869894284d549f8e35f0b1f72c783ac7c83ef86d7cb6f54e1d5448162ae2ed6fcdcf2d60c6e186984112cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
6KB

MD5
03783644904aaa4517de04e93ca7abca

SHA1
a0e0c1ef31ae40fe08c88a5766ad4fd0ea89e2cd

SHA256
0a827c26dbba9dae08719ee3080934da0e3486188e4813c1e6557c817c7deb52

SHA512
722aaf9a05245cf715d00640b2082ccb8db4b88d3291de3c4d6ee7e6e8317925be4879543796083a8bb664b2b28897d4cd1eff67ab17026915885be8eb08bdfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
6KB

MD5
4e0acec11dd6a6273b8e73099dd2c0c5

SHA1
ae420d5808f82007e4c4a8765abc58270cc6dca6

SHA256
efd98d0fc65abadd1a85e59e1d3ac15d243ef29d0be3c6145ee6a6edf5c3f42e

SHA512
090b239908b000500f0b51314b3d7a26f0618df7dc07628741b2710ed0d9e50487236427b31098267f9d2f965b94260fae89a12bb3984ef5f341262a00d2b51b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
7KB

MD5
f3ce4da818f718ec103b259ec4c081fa

SHA1
f81032a1fddd72a43e953d887299bcc7a9d2a5da

SHA256
e1d870f582083ac98b0949953c524054409f87c91713bc7adfb682d2f3e58f14

SHA512
393af21efaec8fd176861d69518451fd155750b3763d493dce1dcf4814794609b5e287c9f21803bac2c75ebbb0c62ff0eecbbfd503105694935fa775976b0776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
6KB

MD5
8cf6dc0c096b7964bcb77b7c856fc748

SHA1
85efdfad2d7ece03be62f37b8400afc6867aa971

SHA256
7514e67d5d240478ab4398305f8eca9ecad46842504a32aefb042ba74fb1624a

SHA512
5b0d7ff480109136d22033472577d1b6a211f19adfbd99964567a75a463eaba61f132679525901d80c4ffde0d6505a3679b810854f1cd34b0857fbebf75d5f82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f18755e897c929f52331934c44f27597

SHA1
994634b8fe8ca8e272e3dd8ac21544bc382dae9e

SHA256
d8a1e481232b39205e2c6aac052a6068f82a79a610e00744f2644adb387a0593

SHA512
26b2d928c59eee01e36a363ff17b83822a8b34fb317c91b798b7c79ec7a8e72970f5cbc06d01f7e55b70e7c79bbd48aeec42b6aa53465e930ed7b374e5cd8947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
c44534bedfeecb08623614aaa8cae159

SHA1
53d0ca5b7f1b35806b72b7e46a0a438984340f69

SHA256
bd72e11d16ca7cc5aa6ea6c22058fa0caec80486d6ea168787cc091cd80883f9

SHA512
070d011b112570135cc3fc37a28fcdcf1f53c8610931d0b0de3b7f1da1ea0ddb1de8fe571b2b5d881218f2143ef49c6b3d764032c3378df1e2a3953dd64b3cd1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
edb48f16466f4751adb927796660bce8

SHA1
569467bba4bc4d7a8f7c4d634d871c787933a436

SHA256
c42ad44f321e453b91a4ac22495fa7555e430630c56c5ad2fa2743144013533b

SHA512
1bd2b540fbfc1b224bf0ed78bb11609ad825e04277faae0e35d12176f0546a7515937fe5a2d5354f1bc3a35104e4e6210e9ffc510ec5af7b39de20c427a8106d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
4c0401f2322e876520820cf19a2b2a2e

SHA1
76d42128704942577ef7c087cc2d9631f520bcbd

SHA256
afeea26a0becb7764f26c6dd636d20040b113b644e0f425b12b95cb1244a0dcf

SHA512
7015eb85652abc12d805daadc72d932c7a84a23d9f5f3571c1e753de764b9934ef96afcca9e58684c113b3ba1f1bcf56a7c9bd7d8de5f1f80c3f740a84dd76a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
0cdf22d9ea07a1660f982e11fa71ccf7

SHA1
c5820cb48d8ea71c784ef9b35e09547598b1be35

SHA256
d772d8d649473b25274f80abe04d6e6693b3b969d68d0845b5837e1427da3fb2

SHA512
609fd68583fbd86dc2c6a738e9c4603d836429a957a96873f6f194c127b750cfbe0d47fea3eee6e560e1b797bca68ce6f1809ce23ea505da8094af1e88bc5e9a

Download Submit