9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
231s
max time network
257s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (16).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3884	triage - Copy (16).exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1700	firefox.exe
Token: SeDebugPrivilege	1700	firefox.exe
Token: SeDebugPrivilege	1700	firefox.exe
Token: SeDebugPrivilege	1700	firefox.exe
Token: SeDebugPrivilege	1700	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3884	triage - Copy (16).exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3884	triage - Copy (16).exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1700	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 1700	4860	firefox.exe	96
PID 4860 wrote to memory of 1700	4860	firefox.exe	96
PID 4860 wrote to memory of 1700	4860	firefox.exe	96
PID 4860 wrote to memory of 1700	4860	firefox.exe	96
PID 4860 wrote to memory of 1700	4860	firefox.exe	96
PID 4860 wrote to memory of 1700	4860	firefox.exe	96
PID 4860 wrote to memory of 1700	4860	firefox.exe	96
PID 4860 wrote to memory of 1700	4860	firefox.exe	96
PID 4860 wrote to memory of 1700	4860	firefox.exe	96
PID 4860 wrote to memory of 1700	4860	firefox.exe	96
PID 4860 wrote to memory of 1700	4860	firefox.exe	96
PID 1700 wrote to memory of 3976	1700	firefox.exe	97
PID 1700 wrote to memory of 3976	1700	firefox.exe	97
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 552	1700	firefox.exe	98
PID 1700 wrote to memory of 1692	1700	firefox.exe	99
PID 1700 wrote to memory of 1692	1700	firefox.exe	99
PID 1700 wrote to memory of 1692	1700	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (16).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (16).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.0.1427192804\431506668" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33f49bd9-d608-4268-a834-167c035356f6} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 1948 27bd3fba558 gpu
    3⤵
    PID:3976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.1.822234954\1885965210" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3abeb154-455c-482b-8d3a-57c407fd8aa7} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 2348 27bd3941358 socket
    3⤵
    PID:552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.2.194301970\1468144764" -childID 1 -isForBrowser -prefsHandle 3204 -prefMapHandle 3116 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86f714b7-24e5-4e63-96d7-7aa15d348b57} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 3148 27bd3f5aa58 tab
    3⤵
    PID:1692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.3.1107539779\2069725146" -childID 2 -isForBrowser -prefsHandle 2504 -prefMapHandle 2500 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66a9329e-0541-49bf-8ef7-e1e146372b67} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 3496 27bc7571958 tab
    3⤵
    PID:2648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.4.742118568\1310028857" -childID 3 -isForBrowser -prefsHandle 3496 -prefMapHandle 3536 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbe4bbfd-47da-491a-86c5-2ca27ef19807} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 3756 27bc7562b58 tab
    3⤵
    PID:3388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.5.2146444916\171368678" -childID 4 -isForBrowser -prefsHandle 5184 -prefMapHandle 5180 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41a06ff0-a924-430a-8871-836a092418e5} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5196 27bd9bd7658 tab
    3⤵
    PID:4136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.6.1613112884\931777585" -childID 5 -isForBrowser -prefsHandle 5236 -prefMapHandle 5232 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51a3f3a8-e1ba-4533-8ad0-808459aef1ad} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5204 27bda880a58 tab
    3⤵
    PID:1944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.7.368499573\374431977" -childID 6 -isForBrowser -prefsHandle 5268 -prefMapHandle 5356 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d98e896d-c3b9-422c-8997-05b66b98b89e} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5384 27bdaa06c58 tab
    3⤵
    PID:1396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.8.1106119944\829152983" -childID 7 -isForBrowser -prefsHandle 5660 -prefMapHandle 5548 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e721bc06-567a-4cbd-9212-2ebf3094dc10} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5500 27bd8ce0858 tab
    3⤵
    PID:5380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.9.842652631\315612206" -childID 8 -isForBrowser -prefsHandle 5964 -prefMapHandle 3916 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80ea2612-e117-4487-989c-fa94d6f47b8c} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5924 27bd62c6258 tab
    3⤵
    PID:5872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.10.1645321823\502820593" -parentBuildID 20221007134813 -prefsHandle 3648 -prefMapHandle 2876 -prefsLen 26285 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {601e2739-c20b-48b5-a982-1954003ec272} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5888 27bd60a0e58 rdd
    3⤵
    PID:5460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.11.112063263\173428925" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6184 -prefMapHandle 3648 -prefsLen 26550 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dc36a73-5073-4265-a7dc-3a3d7d4ddc2a} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 6196 27bd8cdea58 utility
    3⤵
    PID:5656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.12.841145074\1107905459" -childID 9 -isForBrowser -prefsHandle 6408 -prefMapHandle 6404 -prefsLen 26550 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {200eabf4-1a21-4d66-a02a-b1338fea95fa} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 6372 27bd61dfc58 tab
    3⤵
    PID:5760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.13.1783036579\51658152" -childID 10 -isForBrowser -prefsHandle 5080 -prefMapHandle 10516 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb85e271-9c50-4255-9e63-cf4a49aa94e5} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5116 27bd8cdf958 tab
    3⤵
    PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:6108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\12429

Filesize
9KB

MD5
7670e632cd7962600908d5ab7dd9c654

SHA1
aa40a7562bb980c02099f02f449164204ee2e6ae

SHA256
78962c65c54f34260174964dbf721012d5db786098a973ac42fc2123e41356bc

SHA512
f75dde42f3edf8abc9adfc956d09844497412b19187375e4597dd96fcdcae8f18237db31d6dfcf0e4e9d049a06dea6dae576d3f2541387cc37adc6bc30a18708

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\17642

Filesize
6KB

MD5
1c7804064b2e0b64fe2d4ea06c15efa5

SHA1
ffa90b9217782cb25cd59aa9f17294010fbcd67b

SHA256
d088d7c21f6c905f77925ff4c8f1fada5e38ac1d64e78fe07aa8f77f0ab65c0e

SHA512
06c69c192c072d5441ffe494e2d1ec3fd90900c30fa2ffc60b95ad485df47bf4559fdbac733ed3170ef7d2be2bf03880943f650eb2c3cfd060aa9dad432002e7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\20643

Filesize
9KB

MD5
3e8fe6c5bb5f34b3f517ffde5fce3847

SHA1
91a6b68c2462698e9e9e6c7d477d014de963df7f

SHA256
c6bebadc5bca74f3771476708dfe11c7b11c94d325c704ce85077b6f73da8517

SHA512
f946f9e6d6412410527348b6ede9a0049c7f51e419b1bd7b48dc1b8d6c55fa4233cd7a0316add2abc90bbf937e0b508af7b44f755745671efd6db0c656c60903

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\22550

Filesize
9KB

MD5
988cb481c7f266ddcb84d8b0d43f3986

SHA1
1bf2ad37781200031bd37c1658da8e9ae426cb9f

SHA256
7b084e47158bc29928e314c6084343a8b5fc1803c6ebddca3a963c72a00bfa0b

SHA512
7a5bd02d392fcd551cbeff9d120e8977e189972bba2bb41518afd5dc6d639c92c1caac2040e76ac6b998aea0835fd3150a260c83f1a7d50af510f329e76a32f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\27305

Filesize
23KB

MD5
ad715d217bf0228aa26b1566a768f96b

SHA1
591718a856e859b3ba7f54aae13fde37e2872b53

SHA256
dd2572d251e2e6365a2a9e26297cbbf227d4da0ce82cfb19551a8e1fd34ddd68

SHA512
8adee993ba49df418b6979d301a346f90c0991d7e338c052ba4b2f38c6778662323b24cb8ca8192753169d82f928c6f56e9ba63f197d31589a4b36d387ab1dd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\3446

Filesize
9KB

MD5
b2f4bbc6f2eede4a1c251b96d17b8372

SHA1
32b3fa1fbae92514f740287463aa203391055bee

SHA256
dfd2a8917bcacdc18240e4961031fa1a6aa7410c440255e852b17a443b78e27d

SHA512
5e86f369c7b5dc290c1efaebc1b303b82aeaa206df8cd33310342e313b89d2f6443c6e7bba344fa87b78d4aac27e7a3bdd871886c222513dbdedafad9714b630

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\4220142F9EE3B916D5CB0F74EA155DB7633D9A51

Filesize
173KB

MD5
ea20dcb1bdff8f6d752e1841f5a658c1

SHA1
f9c614e3186d887233b869b2dd31b2844c228351

SHA256
57356793fc5756d479c06567588e665cb8631e15cfdb44a21cd5bcea2f55dba4

SHA512
965f68b56bcd2d46c98ec2560c37c36a865449d2a7c1193eb789482541373a45ace9dfb6a664fde466886e3f3d6757f07642c06ef0f4c30188152fe4e6349c35

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\52D6DE9CB6806448C8C808EA8977B9006B2E8A5D

Filesize
10KB

MD5
1133335af531637479bfce420d4ac5f3

SHA1
b0704783d54cd7ef46f5dad0fcf190821dca4c07

SHA256
0c4ca56714d854674a07a8e5e231134cb6167c6a114249235060cdf5e4785670

SHA512
c333791a1556ba1b263d6706f9673670a4911af65a370c73dc6c2a8515ffdc05dce542d7de4d2d78a7023fc6d9f7147f25a551589b9376de59e0997bc5f333e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\5A5F58B74F374960975331FD09B7CC28BEDBB092

Filesize
190KB

MD5
7b6545880750353c95713e830fb34b14

SHA1
e31e872334823d0114d3da3907285dfa51174878

SHA256
7a39c3ca3b418b0fc1733a91172fd6adde29072b7f1857b876b646117653d791

SHA512
1c1e80d69cdce4dfaf6903586cebd2911b0331364d68a17d0546a716c5e9012b5dc39569760477341a0fa52d009fea194c6478e29e2f36746ea9eb35d2269806

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\ADA62B91108D8D2AF0B771D4836AF935E3986055

Filesize
66KB

MD5
3154097360a8da47b0f4024218c84f33

SHA1
f9f5800132e2977b7c2df3c3a8c8232cca3ea005

SHA256
fdf96c78f37fcfb2cbcbc1cf97d1b50cd0e804d203cc69a7b386fc848e1830b8

SHA512
6eacf195f0f91ee94634453fbf7d3b6bff28b1bdbff2501d8c147e50ff1fdb0ec63f67023324c4ebf5aaf11ef96b4ef7ce6cc643249e6ce0c4be6d3d7d660847

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\D82ED10047F78B4F750CAA390C240BAAC50F3BAE

Filesize
10KB

MD5
3d13bc51b0b9a3dfe113b2080c9ec006

SHA1
a1f7095ba2ae14abbec23b789c71b688063a5c92

SHA256
af7cc37e94322522c1fcee2564a14ef9853bffb11cc215171d173736a2640007

SHA512
2e168d5881f51170251698c14c66c3d43724cf9c4e969a18cdb0a31b3f7ec556f193b4b2f1588e570dfee94d3eda0cfc485da75fde464bf8c6d8d56479f0692a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
131dd7c1df46acea4e38f8cdcfe404f1

SHA1
174a5f773197622f59407e21ed0e5d32be1bf153

SHA256
0913d26c6ca373f136fc93f3db1b84995d2c77d04fdc541c92fd4560521722bf

SHA512
a4d385b5669fd91bcc44d201476d171870714f7fd6e10a8eb26648ca60ea13b6275952ce4bbca05a395db81d26a9a3716bada7c7643057763e35961ebaeffd57

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\EA18F468E8F9C303D7AAEE42F2861900E8CD6CA4

Filesize
294KB

MD5
0929cf49306bef75d6808ebbf2d7cb9f

SHA1
ebfe339ed43be65ca004173e5ebf5ba9c1dd13bc

SHA256
08b5ec4092f93b6bee7cb71dd4f49bebd9a516450ac10d116e97eebbc4913668

SHA512
73e0a26e49166e3d4f008b8e3ecc569f46a51f90d6b89f43ce820993ef96c2ffb788683ef37a2e15711b13bdc8b5156074b2060883a4eb63f09dbb2e27454841

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\jumpListCache\0eYjhxZEH93H9vA6VqP+sw==.ico

Filesize
1KB

MD5
8aa42d7492921c8351173895910d62eb

SHA1
f2f2f66bb469ca95b40c3a55c032921c9a2a6436

SHA256
44989c9e067eb1ea0caf2e12d1e66d29d7a0e394ae36e3644753e3211a907945

SHA512
f4e6a92d2061df394919481bc0c0a528b26f30be2579648b9c06ae8328f215f787f7b1a5d29b0c5a963c29cbe1188aaf1acdb01ba215dd6cab934e1712da8e8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
ed455b70cd024e3cef9808c80807ef18

SHA1
d33a7de352d74cc08ab29984c25813eb32741038

SHA256
1ff0538a9fc68e4d308c83d01d34995bf00c8d26de06cf89534db88f2f6fd359

SHA512
24b8115a7acec3ce06989173892c98e72846e7dfe3227341dee8da903c5beb993828284d229118a86d7c544cc12ef98d592fcb0bd2bc30ddf31d3af3216b5ce7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\565ad35f-5360-4cc0-90db-f8a58a1bd928

Filesize
734B

MD5
dcee8e979734fc737ecb37eab7fa13f0

SHA1
c8ae62f18f1f3b9743dc06547cf5ad994f171c19

SHA256
48178d1395c9230b7b04d776fce5bfbacb92841425c0d7941f9b408e777b6ea0

SHA512
14b3a609b87a3c27d021996976f66548ae3525183c59f944a54dd9ceb05faa6974f31997bb947ccb3d7af844df5def485f8ac7963e126dfe750970451b92d435

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
71195c37fae353e73f3e2fd3cefb2f56

SHA1
6c26751b691881548793e297e36abf72400d14fa

SHA256
c0daf81de7afad751d0ad7d4a3949f96b1ce4845766bf2fab0f122fc5f8077db

SHA512
8cd2c897f117c8ea8337a5b55f6999571eee6f91a3987d35f95228c1ea8f2ad09f28837a3e5d553e78dcf39487afd92f0c324f65fa0f5b07a38ef6a2774684e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
a62c60fb6e4edaa2cf641ff19ed14bdc

SHA1
15474df7c93d9855a5f01bb92497e3b1c63432f2

SHA256
4df2eb62632916fd1807525b52770f730c0116a3baccf7f4efee2cb9dddecd9d

SHA512
a774d7323164be09766ff7f3c7f4f64d7ecd89339ebffe42d9207dd94dc749607d5a2ca86c13223bde10996aa6580346bd9dc671ba5d4c1551805a4d513c8e20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
66c5c72a68d501d300f78fa3bb15ee1f

SHA1
cbcd95cd62be82aaf18d06eb36b50643226ed6db

SHA256
b0af5c5011f1e96aaac4bb6ebaa2dfadfd4b73e646a36f1e513d3c174452860c

SHA512
2744956eee9fde886401261d7bc6294eb20ce14f934140e974678a78b23eca6fba697ff7fd53ed8f210cc5ec3e42e6bedbe88116c18738691adda8c383ad878f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
f99095baa06f7ee7cacf308f4f7387af

SHA1
8d685358b2e36a771384e021b575f4b6a16d3b99

SHA256
9bac42a68d29feac07af9f23d1e8b03169b2154431d9d5a853940cd027f34cb7

SHA512
627cdf823616af09d3e21dba390c67c603b7fc3248f7a8975af265ef9b3bd863e8ff7aa52dff510804739831f8c2848d64bfd80203638e4df8e2fafda19edee3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
7774314ba2acad8ac9f40887f9e389de

SHA1
22f45ac77e14d5d248a0e4621855fc5592a7912a

SHA256
c01248aaa07a18c5123e917ac0e9997654de0d8cd58c88f82ff41b76594ffb8b

SHA512
bba556e4ce37aa8551db49bc40c69f0bddcd4e8d97f712aa6517621f080fe5dab1ab888dcc2f93a61642641590e553311d46dfa89cf0038bffad6ba30be9aba4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
f7b94968834c12fdb81fbee6a74ab811

SHA1
1353a7b6029f46dc38abff638f322bd7d4fdadb1

SHA256
d47cbe913523385d7cafdfba018ca4b56d8513365e29a2e5c5992387c2850004

SHA512
853ec504f1ece1cee879172e882cad69e1a2bad5479c288e2271d28d047e3c59e72d722829ca2fee68d8d97daf0b3f9c5eced2b18aec40e981d1fa319c6e5c62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
ffe85fd423b64c182cf1614a756d44dd

SHA1
86c2b3d7342f6e1aeb2110afaf65d00a6ea4dfe0

SHA256
acd8916fb239e670da1c1128dcf13bdeb4dcecf7f89bb94483e6612590866213

SHA512
c5f3de04e1a02c2043e59abd659aaef21b76468372f0c0dbd2939297bc60c086695c495dd7271d4787bddc2a9d3a9fc5462c34e99466b944eaa26a2e40cb3492

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
c145371f479ae3a0a77dfd22672e187b

SHA1
6e7d9d6490cce6f14e460dee203b518ed428a06a

SHA256
43c25ae7e621356155c86e5c0f8349a038c6d617421c67ee2a47866d29210fa7

SHA512
ee9e4c80577ffd6e2d1f8ef0ab4009325db1eeb7374b698a767c9e1113df86806c6ae785cc5cc966ecc56497fab254233f985f32ddc7b9b3460eee65a4997f05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
d3ac86c4cbb097bc7fc5d95f858e7489

SHA1
055459293363dc2a50fee8aec17aefa4be6feb97

SHA256
18be9a3428d0bea4b0da48f279136023ad6ede552afa276d6aa0f945cb5b02fb

SHA512
fee30fc89fa9503b092d16474e8281ac2f71f25270e5488fe2c0ed42def1fc5574662f7995e96b4a98fdc5ec79682514203a60912c0b47a717634fd0a9efab00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
06fddde30f6ce8475e18aa0f86497bf8

SHA1
cc337e0e5be6fe97239ba8ed83cb25cd8974fba7

SHA256
88b534b941d45038c75ff9f6868f9d85171e357c0d8b397a3bd8f2175569b7f9

SHA512
5f1e0a6342938c790479c9baf41b8e75844943d06b43657a36599a59b09451cc4f007f65e653b1f91d2110d7328c8d3f5ae6cd63cc0c5ae33fe671cc485e3682

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
1b8bc91a7cbdbefd3248179b60e917c6

SHA1
f7369abe3e54274e4378f3163655020d892eea43

SHA256
054d78d34f520b8b423e9f24fc18690d4590d699501a233a1781ff78115136ca

SHA512
34036d9013d80900dcacb0d127a29c7908724d8973387b7214d3b407b1eee2a0c2fec00308c11eeb4b8836e3f7db9619434621c3f7ae709c71474d8e7677e14b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
717b3c9ad67ad569f53603e367b10e31

SHA1
1c4f0fee5ff40b2489d81c79980b0c9cfd66c5f1

SHA256
b3cbec3a5b40a8fbe4d0972d2aab340b6ac49f4c93a6567dd38d91a62632387c

SHA512
4b8fb44480d90314aa1538f5a9e3b496f3be0ada40be2f5d4aeb14d4a724a0f3d6e7126d597a2a96021be4f2c1702349c71cfd7ce34cb269d5b1dd0bd503cc01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
85b888e1e8c9b14c7a96be460d6f075e

SHA1
768fbf530eae48d2dae5d58b7b5acb50b7257186

SHA256
aff3ec2429b141ed8e6cce29a2cb97cbe096e926a7e30444b28f624dccf96c7e

SHA512
e849e1d9ebdaefbe3475f3e3f44609e65eb2197d90a58c87267138f4db9afa7914f20bfeaf300ca43e2ba24424db2a238a10b47d48b65514e51dde5a495bbba7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
ea5367823cfa1a4825299f9598263859

SHA1
59d3be9db2a5e594f7871049ca61e77e529ee791

SHA256
ce14865ed8c5efee369a0e33887e62bbca6ea68b39c4fe8d22b9df6d3c6fe9f8

SHA512
618565446ce81f1338c87b75f68f065379be5a4cb0dbc0302047cf8118cb315c5a283973331ddebf5a120a8c014639447d784682dd40224d2638ce50abb36962

Download Submit