8ed0c9391e135195769a6af53cb8160e9a28cc2d5afbe829a0a108219fb72b83

Resubmissions

29/03/2024, 01:18

240329-bn94hadf8x 3

29/03/2024, 01:17

240329-bnwacaec43 5

29/03/2024, 01:16

240329-bmzalsdf5v 3

Analysis

max time kernel
455s
max time network
512s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/jasdasdasdasd - Copy (3).exe
Size

1.2MB
MD5

d56d4b12a8d0f7d4a5a94c2ebe246513
SHA1

95543e702e65b8fa2a115c9bbd30b2feab11f9c7
SHA256

f290fa5dc611042d27c5bb90f063ea2583053c273b0ff9bc0209533038410991
SHA512

516a94e244e8650ed5eb358c2cd781f0c827dca33db14534570f908d1dc52c83492d8f63fbf0578f15f0db1ee3eb5ed184fc3b784698464184604bec1bf2ac1e
SSDEEP

24576:LdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqBO:LdofGbSIQ177wZvYjiiRDXASat5RgsLN

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
996	jasdasdasdasd - Copy (3).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2100	firefox.exe
Token: SeDebugPrivilege	2100	firefox.exe
Token: SeDebugPrivilege	2100	firefox.exe
Token: SeDebugPrivilege	2100	firefox.exe
Token: SeDebugPrivilege	2100	firefox.exe
Token: SeDebugPrivilege	2100	firefox.exe
Token: SeDebugPrivilege	2100	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
996	jasdasdasdasd - Copy (3).exe
2100	firefox.exe
2100	firefox.exe
2100	firefox.exe
2100	firefox.exe
996	jasdasdasdasd - Copy (3).exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
996	jasdasdasdasd - Copy (3).exe
2100	firefox.exe
2100	firefox.exe
2100	firefox.exe
996	jasdasdasdasd - Copy (3).exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2100	firefox.exe
2100	firefox.exe
2100	firefox.exe
2100	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2100	2364	firefox.exe	94
PID 2364 wrote to memory of 2100	2364	firefox.exe	94
PID 2364 wrote to memory of 2100	2364	firefox.exe	94
PID 2364 wrote to memory of 2100	2364	firefox.exe	94
PID 2364 wrote to memory of 2100	2364	firefox.exe	94
PID 2364 wrote to memory of 2100	2364	firefox.exe	94
PID 2364 wrote to memory of 2100	2364	firefox.exe	94
PID 2364 wrote to memory of 2100	2364	firefox.exe	94
PID 2364 wrote to memory of 2100	2364	firefox.exe	94
PID 2364 wrote to memory of 2100	2364	firefox.exe	94
PID 2364 wrote to memory of 2100	2364	firefox.exe	94
PID 2100 wrote to memory of 2984	2100	firefox.exe	95
PID 2100 wrote to memory of 2984	2100	firefox.exe	95
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 4784	2100	firefox.exe	96
PID 2100 wrote to memory of 3428	2100	firefox.exe	97
PID 2100 wrote to memory of 3428	2100	firefox.exe	97
PID 2100 wrote to memory of 3428	2100	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\jasdasdasdasd - Copy (3).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\jasdasdasdasd - Copy (3).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:996

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.0.1738850753\701063538" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6060e39-19fe-49c2-9d94-445e0d592564} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 1948 278ff2ea458 gpu
    3⤵
    PID:2984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.1.1847516601\968994770" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2324 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {382c50c5-fa1f-4c5b-beb4-31dceade4507} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 2348 278f6e70d58 socket
    3⤵
    - Checks processor information in registry
    PID:4784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.2.376945638\1634290480" -childID 1 -isForBrowser -prefsHandle 2724 -prefMapHandle 2720 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbcaf8c1-485a-4c2b-b132-512abe5d4aa1} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 3176 278878ba258 tab
    3⤵
    PID:3428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.3.1792838031\1168547580" -childID 2 -isForBrowser -prefsHandle 1104 -prefMapHandle 1100 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b82602ab-9dc0-4c74-a6cc-6eb0295c1f7d} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 3600 27887ea9258 tab
    3⤵
    PID:3140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.4.1548219370\1447634272" -childID 3 -isForBrowser -prefsHandle 4140 -prefMapHandle 4136 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c8c2307-5cdc-4070-82c4-fa2168913465} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 4152 27888cfa958 tab
    3⤵
    PID:3740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.5.601588114\1861916310" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 5096 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2eec51d-407d-460c-84c3-8f3bfd52abf8} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 5108 27887ea8358 tab
    3⤵
    PID:3536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.6.1675239567\1190352974" -childID 5 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b3b6ca5-1f0f-48a7-8a49-614c929b1aff} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 5224 27889c87858 tab
    3⤵
    PID:972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.7.835814318\1602741001" -childID 6 -isForBrowser -prefsHandle 5424 -prefMapHandle 5428 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5c3c83b-0b50-4e1c-828d-a874d1c67b9d} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 5412 2788a544558 tab
    3⤵
    PID:2408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.8.2072379481\40966038" -parentBuildID 20221007134813 -prefsHandle 5428 -prefMapHandle 5508 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9d9b190-f8a4-4016-bd06-f5c93a58f8cf} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 5656 2788b034e58 rdd
    3⤵
    PID:5464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.9.377078620\838593810" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6012 -prefMapHandle 6008 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2e99c99-a0f3-481f-b61e-ce72887ced95} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 6020 2788b036658 utility
    3⤵
    PID:5488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.10.285747558\1925857242" -childID 7 -isForBrowser -prefsHandle 6292 -prefMapHandle 6288 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {671a6765-f5e0-4418-9706-60486c820aea} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 6304 2788b2e8d58 tab
    3⤵
    PID:5636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.11.356768406\402724996" -childID 8 -isForBrowser -prefsHandle 9932 -prefMapHandle 9936 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {391087ae-b499-4e8c-ad9b-b7f6b3719bfc} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 9924 278fecb8558 tab
    3⤵
    PID:2332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.12.163590538\384138534" -childID 9 -isForBrowser -prefsHandle 10184 -prefMapHandle 10180 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9805f0cb-3242-44ff-8b3e-c60beb8b8bd6} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 10192 278fecbac58 tab
    3⤵
    PID:5200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.13.1053219785\2048927950" -childID 10 -isForBrowser -prefsHandle 5292 -prefMapHandle 3152 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f036981-1219-4e4c-83fa-a1338b40fb38} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 5236 278ff26c658 tab
    3⤵
    PID:4856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.14.571139609\69857550" -childID 11 -isForBrowser -prefsHandle 9924 -prefMapHandle 9940 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c66a3a3d-3a15-46c7-a06d-96cfadb537f7} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 4748 27885e9f558 tab
    3⤵
    PID:1608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.15.875060566\443397501" -childID 12 -isForBrowser -prefsHandle 9572 -prefMapHandle 9648 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bccd970b-7312-4567-965e-7b5ac0151cf0} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 5820 27886ca0358 tab
    3⤵
    PID:5880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2100.16.259787\1992065438" -childID 13 -isForBrowser -prefsHandle 2708 -prefMapHandle 4900 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e9d466d-b654-4bcd-a752-8033ef4130a8} 2100 "\\.\pipe\gecko-crash-server-pipe.2100" 9472 27887ea6858 tab
    3⤵
    PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\11916

Filesize
9KB

MD5
1b651e5c5d43495c7c0aede86e78cad5

SHA1
9553f62ec2f9ebc0a982a781a14c8d48cae6f299

SHA256
72c6875c7e19a31f8a71af7bedf7d47482e8a6baffa6607b7c9da36d1b51a165

SHA512
74f10cd3b1d5bb8c621174b99714623447f78fdb50153a5b86a9d445a080cb23e76057de88e470527021ab747b50b518a1df479524fc663f2f4546bf8d9ff344

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\23728

Filesize
9KB

MD5
772fc7353c8f700b6b809f87de6cda69

SHA1
a75cd809cb30018f223769e8866432ff0a89a0ff

SHA256
30bb132cccd7f2d63a5f9f05a9738a67e22323e33ab65dbe5c105445126e192f

SHA512
19d674ea1ac53790335a4efbcc9788658ed3c0f6d7758e152fea3e4e9f4c9ebc0454e5015becb390f56e13d9e9f74fe8303d70fb1073329e487bb5482c79f1af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\24081

Filesize
9KB

MD5
c383d612cae3c591cf0c464dbb0e035f

SHA1
4b8130e717d11f589e7143969c2f94681f3020f8

SHA256
d9e816daacfde1230b7da52961bbf115aac0003b357a779ea8c6552684cc3d25

SHA512
fadc4feb69161e9723bb5cef3fa74aa150088b900bc86784cbd81bc18ae3f6b906aeab0f48adca4d874e4bc57b8a34c35a5eaf1939fc91dd99ff1d6e0d429ef2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\31347

Filesize
23KB

MD5
b1f4fc8b12d69f5d7ca7c22388cf4665

SHA1
ab81740c154c6e7e63aa64c23f7e8470c2990137

SHA256
a228c35fec9a36c38ea7a5e7c144f0af661121d60b895b92f974674b0001529d

SHA512
fb6cbea44a9e5d30cdb87130c8707538cb4a5a56adcaa8883f0a13bda090aca56f35b2646f53f13bd4d2a7f0411fae0f227c49d63ea82a7519c416af6428f245

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\6565

Filesize
9KB

MD5
68217d601e38cd2f1021f3363e0e6686

SHA1
3650cd28b87ff1c2ae4a7664f9079b0e0cd676f0

SHA256
21396dfe02ec7e0be0fd3066904c52e660dd817f29c51e5a3ae376df7c641023

SHA512
3663bf65fa0d29c520212536f94e67094394f66c135165051082c31cd80f315db796629f3289b33a3a88d8a529d31f291594d9c3e0c2490e803d09b2d02b367b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
95a5ccc82231e32d43e92fdc6f523992

SHA1
0a234c2e2919102437e7fbc9a5376f95b96c6f1e

SHA256
bc847cdc6e81a16cdc3c7a84a0f6081e602a387272ca57e04e598be67cc4de08

SHA512
0916a2e16bb0e0b968b7fc263d4f1f6b992ee72f0d80305bed09ff80e65909f9aae346bd778b76defb4926daa1abf5801dcaceebc401c9ad1da4ec82d6828072

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
b08616cbd25d026461cbabc19f8de92a

SHA1
16650b41fe3606a2245660a6ca18a82ccc20e238

SHA256
b59da020b9fa4b06ddf9dab4d31097054572cc8e9d2ec3e452fa08ed43d722c7

SHA512
cd8a844665a4e7180c11e1d2b2f3fc2e5ba265677194cd11182387dd2b8aa6dfe536f2d62e7ef3bb7edb5ae1897705c7ed730c6ec9c6b04e40173669c8abf15d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
2547dc48fa276909c9b6b522ea649691

SHA1
1c494409b0d22b8cbc2696bcfb1f37ba36cb572c

SHA256
ee6b9b1e649213eb1aa8c9ff4399721895ec2b90fa7954ed09b5858aa3a6de2e

SHA512
c494757be4d589d3c0481a79bd7e1d52c86a8ff41fadb91fca9523695f57f66d88e4e5bed06f3a4d2ea500c4b244d8007c13242b48377aadd387fd3853b4d971

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
b92f0e20ae1e4500ffc9e910f9e7cafc

SHA1
2229d6686a180fcdfdf7d4335958a183d24e80e9

SHA256
3b84200478722029d3e24c790e842cdefbc4839fab5b92452ea56e5e0268b34f

SHA512
d091c45dfa08734014712305fabe523c418b13cb7c8b65642bb0c57bfa7c4615a51c7aa2fae61d3bde384fca33c753db5cd9cee41c6e6bd4bda9eee3632256f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\pending_pings\995ca5ea-e333-4156-ac8c-2660951d4629

Filesize
734B

MD5
d6b2a9aa719138891aeae2dc4d2c3e88

SHA1
a7aa89af0ba61e5025459c5a2eb619e3059bc41b

SHA256
0b25aab43a9ffb7826a736ea6d933d446349e60b0879159579046ff9dd13ddf1

SHA512
505e12e716cdf5ecc979875a5ba86368f0446d577699f04e957eea7a9eb732793e6b1ce249a81f26010975ce99313ca2170beb06efe15b47ba6abbd5457e1d1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\favicons.sqlite-wal

Filesize
352KB

MD5
5b464260575d21a9dd5124769916fa6a

SHA1
0de5d3e20d1156bda10abe0d83da65b9ebdaff66

SHA256
ad0c8a5124090977e3e5c0b12483ba056a01fdf467c9ff2bc5afa6a7a9d6894a

SHA512
9494f11d02ae1954bcb3c29e157d5f605f50a4a07a26a5b42be06794fffc815dc35633d00cbe30e97115f3f20c2498751bcb1e2d30db380aa5b79d9ee969d92f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\places.sqlite

Filesize
5.0MB

MD5
0c550165b415f680d1f9a569b65ba6c7

SHA1
ad10303d591433055cdccf776a4304122f06261c

SHA256
7a34f3580eb14fdbd152021de69ffbfef4f09bfe40b2537ea810a3f79c8deb30

SHA512
5c956c706ecdb6475b9aea62af952f88fe6976d2eae66ebad0b2009f9aa96d4ad43c55f054190691f23abc807cbd807d6c8f7d2b5221f352cd2634edbbba085e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\places.sqlite-wal

Filesize
2.3MB

MD5
75d046d59c2c54f0eb42f78a50500057

SHA1
06e7329f9cabae91f599dea5bbd244fbbf7a2b48

SHA256
5b0f3f18712534898c3128a1e8331aada697ddc0a5ef0b16721f2c0c8edab2bb

SHA512
5f7bdf0223e86e295d9cc6479a8355ec8e4a615ebbd1d52e43c570c0338fe6fed488bad40132434095e990b7a603c9cbde95194b95fd707f556d30ae715f8ee9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
7KB

MD5
4875acf78fc5f47b03b721620d969fd0

SHA1
fdb899e36b593104b11ef4cd143d1747352d0b1a

SHA256
a1a0eb705026b817c19a96ca94be460aea0687b43478bb2828b7994503706c45

SHA512
a3b47694a6574221b6c6abbf6905018ab51400edfa863bc8c725f3b7787b0d477fc76595e33ac5c06da07b3438d9d732e35f16ef975bc4c88a483c9163efd2d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
7KB

MD5
8a268707a439c2e902953a3fb081249d

SHA1
619f6005b02d158d6756833b40e2a949fb2ecc75

SHA256
59ce3b630f4324409be0c2f4ea97eb7175496c9f0bd5e8bae967873c38e0cf8b

SHA512
80ef05c1b748608d1bf1e8cf91f904e1b03feff92658f1dc1dc033b407bac133ce5d4a80efe2238d11ebc31aaa28f321bdc0e74c793e0546d566872768f90bea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
6KB

MD5
317f2744b629d23d83f29346da99ce9c

SHA1
e381f2a703bce07d4bbdf7e42501dc6254ec7181

SHA256
c303e5e83142330b61e38e7a61247d5ecc1932b775e5e8a8af7752234d189610

SHA512
9a0c769214316d41d1b8063ec24892ed450148a6da2a24124f47cdf05e2418f7fa3eaa7a877265101f92983a97a649a033d76a01a488a82d452bbbb4cb3602c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
6KB

MD5
559987e7e644c9428eabacc85bb1b7c7

SHA1
c4b383432f87b1b57fe2d52f98b705e3c7fe70f5

SHA256
59511e6e38f1514531e2cc12c85db4d13a02b7a180494f448bb5cf746d20b37f

SHA512
9aa545873914f823048c78e84d39f85f468ed440668de15408700f3d9035325f05bca1e333f0e27bca461b8a120c475fe68261d61b6ae8abf038fb56d5ab1f42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs.js

Filesize
6KB

MD5
36788a9b8ef664d77a949f45f97c09eb

SHA1
8f5f04aaa44a5b85b100b88bdcf91abc7485d1d8

SHA256
5621d19dbd9c2c858b23f7e01b391d6ce0ebab1a0694d614b3abd82a88c9b7c5

SHA512
9f58cd9f5e649b8d43db6370b42ba9e3034f9d4454d63c5623d33f2e6791f6031a7de29622a32905f27d6289bd644da598ab9e635d2077bf4ae1ad52d43a4e16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
f40856decc0d421e10395828536d77d4

SHA1
5c65a26d48a4a077b2c6c404447e8ee2de9b2069

SHA256
f21af131d18c288780a8d2f2227c315fc11bc91f51a8a4de8b848fad5efd1e26

SHA512
ae4778378cc31d859508da6323a966a9fdc9fa9b910757ab088a1f9f6d08953e4186fc9b7211cd06087902a22a51e5e3a1827935907014970181077674ef7d81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
3251307489e85f6ad3512c6ee09bae7b

SHA1
1540e8de6fe9583d65ffed2e8ac2afdeab27eb4d

SHA256
2992ae01c77938819651ebd4ce22743de4c01402990bdcf146270d145dba0817

SHA512
0b69afcc100a331884270136c79f9927aacbd867731b9680a4ac41ab5711a798ab6aa9dfb5f6b88c39d2ff9757e43e4e974759c243e9c703400bb6035f85dc4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
883e34fee249cc8be550ce144acc1491

SHA1
9a3c534e0ff1689f86b47a52ed55500534f51d01

SHA256
5b4ce395f3f6eda13aac542e84904327c4a48c4f2a53e4550dcae6e53f5ffaeb

SHA512
f092ebd67176ec3aa025bb5dce62c2d8eb6ad0992e88bd17b30977bac5929f616b18821f897291cd627280af191bde0d79a7ddc273fec406460edc26dc4e82c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
7e422fb14bff7208c71a5b3269a69ae0

SHA1
f582c0b55e369fefb93cc402d6998d89602f700c

SHA256
1f7283bc04b3fbe3be2e7b8131d9b0fae6f904d8557bb9f1aa2ef91adfd426dc

SHA512
fd34989c709372a00608a4ba581d6249f8ba1dad227080221dc42b424c00a0204c13baa0eab5db997d89869068fc877481565817424772ba9594607dd49e37f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
503de15b81977d882169f2388ae84d0b

SHA1
cb6d0f62184c409462ea90dce8db25b71c42173e

SHA256
44913d3ef86e995459bc7367145292324e54c806723f2d43d18fba51aee9e42c

SHA512
fdd4dc3ae9499a987ab7d236d6549fbe139bd19a827d3328dfb6bcac7d479c3ae7b0cffe3b01cc6504778831dd511dc74a156d9afc53ec2a682097524f08c8ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
9edcc875d3d816509e0b76f4867dc114

SHA1
cf515b839f24bdaef26fef835e34188e8789b448

SHA256
56b67153a1337e831a30577b2d2969a9c2ecfa7b7835c291da5317e4d2c94cd6

SHA512
ade4d2a2dc3443d6586c3590ea1b2b86f72a3e27297a4f466be645bc5854dcb2687b3a278ac8fa83a8d858ae39fa6a0721cff062e77e6e67c2f3ba94b11ccf04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
ff21ec0416acdbc9fa3c741aee3c7ab7

SHA1
c4d7a27498caf8b2ad13fdcc1c44aa087b43ffdc

SHA256
477d0b14360e7de5cc4251b1640d2edee6645a6773b85d3e6603c53ba00ee942

SHA512
08cd1626e92c151ec38e97a6adaa6e14e86bc30af34aed18f3c5747d5758bba39e625cb8f28c6964308109f66d3ccdd924e55338e8b8faa2ed9bc08ce9686b55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\targeting.snapshot.json

Filesize
3KB

MD5
9d8f22831d0794bc66343f173bdba926

SHA1
2c70e08d94925c695657f304e05e4940ce30398a

SHA256
ff4ebdea8511129847d5b34acc0852e12a09aca77ea906f452efe7872e38e017

SHA512
5d80e01401e9885076a5820e77b6d90a6309e14eff74d5c40e1b588b3f686cd40c95e5d8702f67918663246361ac2254febdfaf0d10f872dd3ca44c60d929821

Download Submit