9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
139s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (2).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3332	triage - Copy (2).exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3976	firefox.exe
Token: SeDebugPrivilege	3976	firefox.exe
Token: SeDebugPrivilege	3976	firefox.exe
Token: SeDebugPrivilege	3976	firefox.exe
Token: SeDebugPrivilege	3976	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3332	triage - Copy (2).exe
3976	firefox.exe
3976	firefox.exe
3976	firefox.exe
3976	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3332	triage - Copy (2).exe
3976	firefox.exe
3976	firefox.exe
3976	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3976	firefox.exe
3976	firefox.exe
3976	firefox.exe
3976	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 3976	2568	firefox.exe	103
PID 2568 wrote to memory of 3976	2568	firefox.exe	103
PID 2568 wrote to memory of 3976	2568	firefox.exe	103
PID 2568 wrote to memory of 3976	2568	firefox.exe	103
PID 2568 wrote to memory of 3976	2568	firefox.exe	103
PID 2568 wrote to memory of 3976	2568	firefox.exe	103
PID 2568 wrote to memory of 3976	2568	firefox.exe	103
PID 2568 wrote to memory of 3976	2568	firefox.exe	103
PID 2568 wrote to memory of 3976	2568	firefox.exe	103
PID 2568 wrote to memory of 3976	2568	firefox.exe	103
PID 2568 wrote to memory of 3976	2568	firefox.exe	103
PID 3976 wrote to memory of 3416	3976	firefox.exe	105
PID 3976 wrote to memory of 3416	3976	firefox.exe	105
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 3616	3976	firefox.exe	107
PID 3976 wrote to memory of 5360	3976	firefox.exe	108
PID 3976 wrote to memory of 5360	3976	firefox.exe	108
PID 3976 wrote to memory of 5360	3976	firefox.exe	108

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (2).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (2).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3332

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.0.1124893805\1761772499" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aeaa26cd-2582-47aa-b168-d133821392c9} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 1980 2e4f83e6158 gpu
    3⤵
    PID:3416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.1.391336962\573196543" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7d70f96-1db8-465f-aa39-a557fa9f4aa5} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 2380 2e4e4571c58 socket
    3⤵
    PID:3616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.2.458213665\1928153164" -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 3116 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f733ac1e-57dc-4d7c-b756-16da8541aaf1} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 3068 2e4f8368658 tab
    3⤵
    PID:5360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.3.46294808\838014558" -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3548 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77f7b23b-a443-4a33-895e-274173288c4f} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 3564 2e4e4569f58 tab
    3⤵
    PID:5500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.4.25156582\981700508" -childID 3 -isForBrowser -prefsHandle 4064 -prefMapHandle 4052 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a1b1d33-d1fa-4812-a409-6d685ead0c2f} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 4076 2e4fd5cbf58 tab
    3⤵
    PID:5592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.5.1912608559\1889585891" -childID 4 -isForBrowser -prefsHandle 4972 -prefMapHandle 4988 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f1e2ae7-8d23-49f7-9910-0290550d4348} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 4672 2e4fc4a7258 tab
    3⤵
    PID:5164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.6.1571908198\494534742" -childID 5 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dee1791-0c45-4c0c-9a52-f681556ca8b6} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 5008 2e4fe466d58 tab
    3⤵
    PID:5172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.7.1507833941\418714016" -childID 6 -isForBrowser -prefsHandle 5300 -prefMapHandle 5304 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c08ba43-d8ec-4034-a885-62d3a68aedbd} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 5292 2e4fec10258 tab
    3⤵
    PID:5204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.8.96147372\1973880636" -childID 7 -isForBrowser -prefsHandle 5792 -prefMapHandle 5644 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {700d7633-1c0f-40e4-bc5b-d5b6d25f4d04} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 4780 2e4ff2a8658 tab
    3⤵
    PID:5772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.9.278479972\1380928317" -parentBuildID 20221007134813 -prefsHandle 5768 -prefMapHandle 5916 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9550e114-4379-4bb3-99e7-ba7c0486e8c2} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 6000 2e4ff4a1758 rdd
    3⤵
    PID:388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.10.1034201764\1358079453" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6140 -prefMapHandle 6136 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c883e240-d215-487f-83f2-ecbf4b7714ae} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 5980 2e4ff551a58 utility
    3⤵
    PID:1940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.11.717061126\1810707814" -childID 8 -isForBrowser -prefsHandle 10064 -prefMapHandle 10076 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {847be3a3-dab3-4523-9cb5-e17d17fb1c5c} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 10072 2e4ff25e658 tab
    3⤵
    PID:4720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.12.722335797\1203914031" -childID 9 -isForBrowser -prefsHandle 9900 -prefMapHandle 9908 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {531a2f26-c130-4e65-bf0f-20f6d5009d8a} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 9868 2e4ff6b2c58 tab
    3⤵
    PID:2736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.13.1967940782\1475171373" -childID 10 -isForBrowser -prefsHandle 5284 -prefMapHandle 5272 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b362491-80ac-4668-ac48-617f8c629e5a} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 5380 2e5002f9258 tab
    3⤵
    PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3908 --field-trial-handle=2536,i,8161505972217706694,705854963991409854,262144 --variations-seed-version /prefetch:8
1⤵
PID:6948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\1135

Filesize
9KB

MD5
7cf09531158e197392cbdb4dbf37d088

SHA1
701ae1f4d84d82e71e30710c6e23c99e24a1072c

SHA256
4a38a87b4940f022de072f24aaea6622b6a5ca1a4a58ee7717984b77213d9f83

SHA512
7a854af7c4cd35907db0b7726ef63204017576d8c11f860517cb5db66c179582660fcace289d018c40696ab6d9a06ef433db519db44d60898d5b0c28efdd6d6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\12042

Filesize
8KB

MD5
d91a65c3f2e95cdfd00e3a559b0b56ba

SHA1
922f970bc9f63505fb44cc1bec816e0047d97a72

SHA256
49e720b95f89d317f35d961b711003c1a157a92c94f990c71f45545441999ca2

SHA512
bd4ac4142081fda1aae125585912a176f6096b7f6e7ccf25795439bb1f1ff45062dade879f7eb123c9f5e8082fcf9deda8421b053dbd8946e9d6161ffa900ccb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\15123

Filesize
10KB

MD5
f87ed1f5f3e290f1390f3957be675d1e

SHA1
54bb9d17f596e3470e041c81fdf21f909fd3e327

SHA256
6b47b64df50bcc5ad0024d53d219ef35faf58c803ffc1e78cc8ea6b2cef47c5a

SHA512
414c3fe2fc0b7cfb6c8d0b07b51ceb9c2a9c240b4b9632876d59f527b33526ede575933b0d83adda566eb840946df640d68dfa2c14dcd7f2e712823745c61c12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\17692

Filesize
9KB

MD5
67fc30667a2071269aafb7bab911d1b8

SHA1
b333df3c99a1dfa152080b366059b70d2d876118

SHA256
87f000a0de658b2855a180b0123ed504ddb364aa31508a21ef2eaca6a05eb5ad

SHA512
c664ed256d3e6185ba47c17c2b3d0dc633ad1f9ade6a4bf618e0e9f78662ffae31448a87c4927a31919428a4532ea6ee6a7e83f4c346e0b24f50aa4604d16e90

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\22322

Filesize
9KB

MD5
2e38dcb057a7620345de216f8666ae87

SHA1
425952a2ec974c23538d7fa891e11cce4775da92

SHA256
7a3a8d7063055c4eecf80721fd8d02366dc2a8278febea3b3d50af50711b073f

SHA512
596d2ad7004c2a0b2f203ac3c88083cdb3625811aedcf71621a9c98c376526a07a8fffc7cb83eda571a19e51cb4139782b3309571d5fa4bf32ace4a89ac9c0c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\22396

Filesize
8KB

MD5
94476ebfe96a3b5f7e1d4bcd62e17b76

SHA1
d5ef1432db4b360de3699a0fac61da1df1e8fe1f

SHA256
818fca32e34a2be82807103de2c807430c50d0130cf409222459ff8dbc4668e0

SHA512
0d7169d03e840a7a4325717553051a3fbfa9d3ae20151cb1dd4e5a973a60eb68349cb4754e70defa86ae80bee85aa44d0f12b6bf764565c7d936bb119a240426

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\23174

Filesize
8KB

MD5
89b5649f59892ee1a7c4c8f7de85e218

SHA1
0d2bee4e9deda2da4c940a87937cca50aaa63587

SHA256
b83903bd907fe23c70c7ad98c7adaf728fd6e5af3873574e4360c9bcc0c476c2

SHA512
450c0a387ad2bbc89aae724b787c7cd83457ff68381e99b039b727986de8a4176743dc851975c1aac0d328c4875d29a77b8b0fd60fb173c48901f06bcf35fa53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\27348

Filesize
8KB

MD5
050cacc3acf5ad8ce57afe5c2a015bab

SHA1
e62f8cfb57d9d5f1d7a7218051dee2ea83ba381c

SHA256
631e3e1a82252fa87ff132fe377ca58caa6e60387961e111fe962e5de6de22c0

SHA512
2c902f9471a4622b676bd7151c036875028666ba0c35f335b2ab6e893ee76c9e4051ccf475f668a6423c768e712759f3a2fe6a71ac1e44cd60bc0dd00e2519b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\29863

Filesize
9KB

MD5
44809a892d11292ae2efd02d47530743

SHA1
cc9b334dfb8590453b1b6695f03c7ec4e97d1a4d

SHA256
52e9c7cb39ece1236ee5c8afe0b99fcc635f5e463573420225d065574b4a590d

SHA512
33c3d1c73f7eceb1a3f9d9193e5f98f5014a1d5d21ca83f504bbf0ec0f5cc3ce9298e9313010318927c7984ba4b44c7b0460e0af258888734044389b39c2eab7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\30432

Filesize
9KB

MD5
7efe9d549f2d435402c0a7a3d4203c05

SHA1
a5847779e48d8dab1aee54411594353f913d4e21

SHA256
4462f8b88122879e2028fa3ab7f5d6e5aa1adae25201f4e8c2f2c4e7d0eda866

SHA512
1e5d42f297a9b7c05b3cf1e0f5e748c23d10da065597f241b5c949956e78c706247ce6f44c83951700d8f8058249977ff9bff3c5c54dc7ec0834ac126339fbef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\5205

Filesize
9KB

MD5
2413696b6b9790a02587309fd62b3e68

SHA1
efc589715e444e58a5b69bd8b212c2697e9dd6d3

SHA256
b7d031528725df74afbc27dbc15725c1db050fa8618cfd87c0ba132a3118ac97

SHA512
7e6af3d72895bed011c6b613e7a3bc4efe8fdb6d7482473170cd0bc55fda3516d44621400fa6be733a358b4097234956b0b390f7b5a5a8eff2e122fdaf04530f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
e6a6ec5ab28b9acc990301ff64f6cf94

SHA1
bde5911bb173af420083b0e9794024b448599dac

SHA256
800992cddbd5f066129238aa1323d909e0434529841f313e6edb16bf09c54743

SHA512
7c8ed20ef1e66d56740f1a6b591ee4e7d762a484c3e03bce6eaacc2a699e8ffd5b44144cb2df5bb1b7f54c12ae8ded9067bf06e64cabd65dbe8631d579c0b054

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
210daff057aa0ae28c7f753b1b46e907

SHA1
fae26a24030dd6a0418ab5ea8684313ac3dfd53b

SHA256
d2d6d36a5ec96c33352efe3049dd4d171d97a3ff4d469158f3788bca90397b8f

SHA512
213122e236fa590f7df7b0940a733fe79f1520a3b590b4570725a6b28ce7aa32cf9c84ea30a714ea18c2731660c45c56bbd744961ab3b9b4863a162dd703cdcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\datareporting\glean\pending_pings\85d9d5fa-4a3f-43f7-b704-b44d4ecf0691

Filesize
734B

MD5
64e9217c99b54155a481019e102c6002

SHA1
44ad334492142382b290a4aebaf9fed327e7fcef

SHA256
3b99dd752c4c80445f28fd0146d9d83695f3125715cb5ab853e14a9a0f6e7ef4

SHA512
3e94e1c6462847cf582a9b78036f6afa94c1f3a13cc81be99ec8db83d566b4f9355ba87bc29e0942d8b4dcf314ed424d5dd66f79f80b9b05f8822ecd04432ed4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\prefs-1.js

Filesize
7KB

MD5
7bd41cf91714cf641ff6f2f85393c358

SHA1
9959a3a201ae34f40ab837eff63663a023e36cf3

SHA256
525bef58420d24e94434a9b129a70162b2dc6e05de9667217f8d2f931b016a42

SHA512
aa1997d7ded14de94db4f76ed3b0776e9defa925c00f2b5cf230d01d2e6a3b89e09b338b3c0df1fca2c6500953a510602ef362f8ee7b7ba46b90002d11e5bf0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\prefs-1.js

Filesize
6KB

MD5
77ef801405464c7116bbc3ff6ffe9ba6

SHA1
334a633148563b3a2fa18d8162ef6f4a3fa47117

SHA256
a995270abda9f2bbb7d040c9a2f691fce650974af16540e3a5069caaefae1122

SHA512
bc85faec15ac3f2a29dc79c1f463d03398461547ed8afb70463ce34a4d03a24f6fe7fc119c8995d9ea4162b60a30b369030826952ff3ca2f7009001672a14002

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\prefs-1.js

Filesize
6KB

MD5
443f5bb35ba52a6edbd0448950cafbf5

SHA1
de458b5822fa6bbd8d2a416eb26709adf95b9338

SHA256
c2a00510fd4e81fc2ba1ba378fe12a47841ee857e57128bffa177ceffe50c172

SHA512
a6a908f04636cb347fa312b0dbbe99198c8edc00bad35943b97f3b061afb0d6a5f9a8e609b6cf7d8539191c0fea0c29656471beaf4203dafd165bb33a2b9e5fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
96201b605aaed5f2ded9026ecff6790d

SHA1
d6a23d6de5452d252ac14994a25fa6abc07fc880

SHA256
055cd01c1bfde3aefbbdd1f9530b769a05a6434dfaaa00822efdb646c02b2613

SHA512
fa5ad67112b509a391f4ea0c167b287564c88fa65573532ecff269981d987691854a37f1f5be30daaa4d2a63da833e6b115b390a61969877978463b777f6b812

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
fe1c1f8d3d52c31ce5be59028a1e795d

SHA1
e9845543307b702c2414887776a7bb45640f40f6

SHA256
ecc691ac287347f5db0d9d1329146d50f46aca6fe211e067631251f8165ede60

SHA512
b02285988ab9c4cab9437fc722ca679d8051b08c09356b0ac6984a8280b90a16929efbb31bf7d12b41f32a902871e853c8e3ecb905037083b886a293bc906dab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
e0ecaba392802db2dd9042719c6990e8

SHA1
82ca65ccd12a09b27fa608891756810674f18f1f

SHA256
03c05f5460c7d4121671c5c31aea6b01cdaa6f80f7660b806990105ea9787bb7

SHA512
e842eb493bbdbafefa753127a53e9b1a938e46a4c9575611e1ac722749e026f4a430a805162a2262c8305aa2a96dc7c62610c5aaad6a7be583d84877ce981699

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
bfff89d662d26a39cf1f88081fe58703

SHA1
f123f12b39bdb31b5c432fc81eda58543fe04403

SHA256
fc718bb65e1e6906f35e15e65dae2ef6b7321158ee5f62ecd8a90450f0839fc8

SHA512
4f747b701c89afca3a924978c7e23d0993d25da00ac7ac88c066e403a5eedf7fbb4616bf143c5c3daeb52d99c7f8f4c6bd6db6d2b34ccbed6aead7b907c5b1e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
206bc91c269d38a7d717615b035e71f9

SHA1
35f6ffee7c4dde601e1366e1d5b4e69b6fc310b7

SHA256
8933864501610586ce312f5f79e69659c789a59252800b002a622fa9e4c373b7

SHA512
79cbbe1fdaafc8d729a51d8a62d9d1c46ccad08d7a4ae304327d60b72f59a52703335d486c3c07fd78e732a20f1995503879efc070bab0f07d6bf0ececced9d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
4f88efc978de920c313689232cf48fa1

SHA1
f43a09c1af8793ce653d2d4d48bc4a78710362bf

SHA256
1131e1e12badddc819833ece6979f104126f693fa68f87990698427cde9975e4

SHA512
e75e29b6850139fb55547d71c42335afe72bd1fcae2da7f8e85ab1a3e9c86e72f47680d87f3303c7261e52ef052948d458023e3d1411377a51b53f5af97274aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
cc20de75a932523b00f2dae6bf8106a3

SHA1
639c9d06e11b332d041c8dc253ff7672d25b0b21

SHA256
26f4ef99f08d4054cc4452cd1c173c426e801463c8a665ec5551666c7678e21e

SHA512
138e5b3ab22f2a771bda3478d95356d1bc007a75115f550d95e8de5f0cd50d756c9882c31cd5726d7db442c299978486841532904d50d36b9dda0aa19c5039f3

Download Submit