9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
124s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (20).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3088	triage - Copy (20).exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3548	firefox.exe
Token: SeDebugPrivilege	3548	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3088	triage - Copy (20).exe
3548	firefox.exe
3548	firefox.exe
3548	firefox.exe
3548	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3088	triage - Copy (20).exe
3548	firefox.exe
3548	firefox.exe
3548	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3548	firefox.exe
3548	firefox.exe
3548	firefox.exe
3548	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 3548	4248	firefox.exe	93
PID 4248 wrote to memory of 3548	4248	firefox.exe	93
PID 4248 wrote to memory of 3548	4248	firefox.exe	93
PID 4248 wrote to memory of 3548	4248	firefox.exe	93
PID 4248 wrote to memory of 3548	4248	firefox.exe	93
PID 4248 wrote to memory of 3548	4248	firefox.exe	93
PID 4248 wrote to memory of 3548	4248	firefox.exe	93
PID 4248 wrote to memory of 3548	4248	firefox.exe	93
PID 4248 wrote to memory of 3548	4248	firefox.exe	93
PID 4248 wrote to memory of 3548	4248	firefox.exe	93
PID 4248 wrote to memory of 3548	4248	firefox.exe	93
PID 3548 wrote to memory of 1828	3548	firefox.exe	94
PID 3548 wrote to memory of 1828	3548	firefox.exe	94
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2988	3548	firefox.exe	95
PID 3548 wrote to memory of 2120	3548	firefox.exe	96
PID 3548 wrote to memory of 2120	3548	firefox.exe	96
PID 3548 wrote to memory of 2120	3548	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (20).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (20).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3088

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.0.1408581664\1242627005" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f7bd98d-20b3-49da-bb95-304567d06e4e} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 1980 11d266d1a58 gpu
    3⤵
    PID:1828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.1.245070644\539554652" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2356 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4113d8a-4725-40d5-987a-04bfe8a238b1} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 2380 11d26605058 socket
    3⤵
    PID:2988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.2.1409878763\1345165700" -childID 1 -isForBrowser -prefsHandle 3340 -prefMapHandle 3256 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {555084d8-7a58-4eb2-83da-62db5be8a8cb} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 3428 11d26667358 tab
    3⤵
    PID:2120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.3.658939252\660168708" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3680 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cd4db39-77cf-4cce-9398-71c2698ab85a} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 3684 11d19f62858 tab
    3⤵
    PID:3048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.4.1706540107\624371866" -childID 3 -isForBrowser -prefsHandle 4140 -prefMapHandle 3736 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6cdee67-f7c1-4c8e-81d9-b7b6a591fc0c} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 3700 11d2b8de958 tab
    3⤵
    PID:4808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.5.1096024136\644305413" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 5112 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30e955f9-e116-4171-9402-ff474ce1e9d8} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 5088 11d2c987e58 tab
    3⤵
    PID:4544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.6.544098724\1341879118" -childID 5 -isForBrowser -prefsHandle 5156 -prefMapHandle 5160 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f8400ea-0483-4f69-8d31-f38766a65b31} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 5148 11d2c986c58 tab
    3⤵
    PID:336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.7.1153912493\633448187" -childID 6 -isForBrowser -prefsHandle 5348 -prefMapHandle 5352 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68ba51c1-bb67-474b-b473-f654335080ff} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 5340 11d2d023658 tab
    3⤵
    PID:3900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.8.1001213438\1818266829" -childID 7 -isForBrowser -prefsHandle 4964 -prefMapHandle 5384 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1eb17833-137d-4c51-94d7-ebbdf0069e2d} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 3184 11d27d97258 tab
    3⤵
    PID:5524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.9.568094524\1204001573" -parentBuildID 20221007134813 -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8aa34846-da85-4212-95a0-ae15b155925b} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 5208 11d2dab5c58 rdd
    3⤵
    PID:5596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.10.1090254482\1898042395" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6160 -prefMapHandle 6148 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {492fdffc-78de-4007-91f5-635895b3924e} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 6168 11d2de1e458 utility
    3⤵
    PID:5704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.11.461057474\1733117363" -childID 8 -isForBrowser -prefsHandle 9616 -prefMapHandle 4216 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b4fcaea-531c-4d7a-90d2-79e00bcfef9f} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 9600 11d2e117e58 tab
    3⤵
    PID:5372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.12.276762202\1567983470" -childID 9 -isForBrowser -prefsHandle 9572 -prefMapHandle 9568 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8acee058-e336-48dc-b923-16737d98c563} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 10064 11d2e119c58 tab
    3⤵
    PID:5380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.13.246433055\781341047" -childID 10 -isForBrowser -prefsHandle 8260 -prefMapHandle 8244 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7963ee1f-a570-4802-9cf5-5c891dab9b26} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 5368 11d2e49e158 tab
    3⤵
    PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\12062

Filesize
9KB

MD5
9176b7c794830ff3161070d22157015d

SHA1
340dad294c58d3f50aef7fad317cdc3db65a0a28

SHA256
e84fb522819cef956f6a3acf31a3febee54fb1078a28260e8d4f48b5da5053fd

SHA512
83b83cb07a2c45bcecec76906fe953055e35d8657c07c56fec3d482fd239bfc14b37380c0a1cbf875bd88ea81451f056a5c5ebac5b386522d62c1514bf6f8160

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\12464

Filesize
9KB

MD5
e9067ca671ff949fd2e66581474c3503

SHA1
e39b2d34eaf667ef8f92cc833e85c923ad7e90e2

SHA256
d989d0fa4dac13b8f97b44ba1acf3bf640e53616c73704906e69a2328bd9a0f3

SHA512
389e77f289f38fb48317864d6105c5b9bcd1d1325703c52d058674c0839909f49597d7863f410b2ab9ed7f939c1c691f8264f155619fa333c182edf796e521ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\14383

Filesize
8KB

MD5
39160e948cf0cacf2968d11f4cf5cf0d

SHA1
5151dccf1a165bb107644349e6fce846613c139a

SHA256
41f9ae2b18e543da2697de2eb11171f7b39dce5b949e1d820e2e50eb29be7019

SHA512
28ee3e6231b3b64efce2a906c4d4ddccb32c56d301e4a69892c03e830667a766c8dd568d6e623a8fe6189f00472f64a0206929731c9470961b4e801cc5fa564a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\15466

Filesize
8KB

MD5
a17e8feccc229489eefb1dc984f0334a

SHA1
3d248499fa64d6e5b9d0cac4627ea759f72889c8

SHA256
541a3228fe246c2531b2f60b30e87429f75e32ab74fdd7c14d513a8a6c3619aa

SHA512
cb4b8510582b79972ae96112dd0e6d05b43bb3ac76ec0521f89ee0c5f8d343c166e81f9db5352db8a14c81a866f3798f5f46a47cb8a41be9491db7b2a1fc2958

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\16113

Filesize
9KB

MD5
82269608aea246079af99d6917286612

SHA1
01ba944d580b8ceff7b2b190f7d774d07c24fc1d

SHA256
43e07612953b927c81eeef8dc065096249af8d5da02c7167f274aafc4bd969a4

SHA512
0686eb1a015db6ac960c8cc006a0996c002d9e3f5166e1a54b7c53c3f89e2e9bfd3105528820e69db5c9a4aea5736eb07579a61c38f7ac7df43863efede19aff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\18271

Filesize
8KB

MD5
a1592d6c9422d63dd9f70f0233d4c6a4

SHA1
7708104132e73ed84598875ba2e36d798cdd8e86

SHA256
65805818f5819128ca76f8cce1e6040898da7845f9006f5841beb892d8da033f

SHA512
0ea76a014019885ffbca922c8d094b983dfaeb3e6125be843ef716c7592e81f566743c0eb54c83962cf9aef84c9eb5d8fab827fa7cff8868c6bd4ab143c53d61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\18898

Filesize
8KB

MD5
644c8f479b4f88b034c95d369f4eba86

SHA1
a2463b3897cb4dba240566266fc5756302b9c261

SHA256
5ed505f70d3415dfe641b44d2d4377ffc0d31a4edc3ed3fea66bb91cd5a1637c

SHA512
77792d0757de46863227f7a59001d470cadce513d6919f4b37a831ce7f04e96bf3feb5ad80046ba3482909d9af8e5c39a7d5eed49bdbfeb68c7b4e965ec37f0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\19595

Filesize
8KB

MD5
cda9796bcd738bb11e18d3d570d0ad03

SHA1
d3961d972484079c208eba1324667d5be5445726

SHA256
dc0c7ec5e82b7341e64988de9bc4ec028051a5a6e696e998ed41b581b3a7c7b1

SHA512
948b4012b7342a73b39d570d325d677809547656cb2706ccc99ded5f652cbc8eba73cea4abd036c8284595eb532615cdaf729253b885db1e1c5262e57183e699

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\19712

Filesize
9KB

MD5
439ecc2306689fa5d5ee97dd28b013ca

SHA1
56cb042f418424347f531d16a7e53bc930616820

SHA256
6ca6cfe9e759a14b2ad39e8c3c7d8b0b916aa4ffa3e2ad80b7aeb2b5c57812f4

SHA512
c01d816182b758302907f68a9ba4e62696f8ad8eb28eddab27c44615db4a8bbca0a1900b510f5ee22548b4c71b2e0ecd45e90aa8dc0f18d1ad5294a11f9c43a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\24431

Filesize
8KB

MD5
4e89c6972f829f27da9072dc6bab5567

SHA1
2f418d5975cf07104b52e9067e326291253e34c8

SHA256
94c280f456da5e86c353a3c89c9c2b672bf1c0807b7425f6d9e93da518b0950e

SHA512
3bc1c59643c23cf78c2d044a8474cff2026e471f9d1c37edc0654b50e9c54b3db48d454f5796d2b0cf4aad253c6af189ed2decd69a9ae92a50d2d13f83385cf5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\27000

Filesize
8KB

MD5
59381ec80d8cdf54d608ce6cd9233cdd

SHA1
2ef934c5266c5a0b5507b37f11c6d28891f6836e

SHA256
116e5ca1d71c6a47004293445319c26a3023fd6d437aa893568300e9224c0671

SHA512
b8857827cfef87847862b856f8452837b11f2ad1792f4ead05c5872b71ca4dafff5ddeb6e33203eb2c74ae56481547549f6d5c6a2d6c7f08c2190f0fbb5a2b05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\4269

Filesize
9KB

MD5
34a450deccc3f97f4068c4e28d818e07

SHA1
adcbd00fe97e70b03cc76eb272ee423f01d99ed3

SHA256
a1eba938af5d337ac0fa8b01d9705b2de962515399da20ac7bda5b05176ef761

SHA512
550af8e1bb88d8e105291a9f33b162869d5cc94f1913502f8a0c99be62d15bfe56102befcbe809cab7cfb7c3e411eed1fae2ba7e16c852df60305b6f5967408b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\9914

Filesize
9KB

MD5
7b7134dd8249d503ab4973c4093cd958

SHA1
2d8a126db43f09c4549bcc86c265231643b00cb0

SHA256
fe13c772a5d68069cdf4ac6a138cb6ba683760c9f9ed3725e68c14ea467be7bc

SHA512
0242b46dfbee939c3d5668ee90243030b870cec8905973c6ea9dbd54b6de88f775042ae7f2dc3c2c2dc2733e7f70e68fd8171b0a9a68b1a3cd87c5dcb07bdd9b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
7a6b48e608f733bf096fe6839764f4b9

SHA1
19893114ed9b586e579fa76cdd3abefc68088227

SHA256
8a0be8cae77c0bf0b022c26139cfcb1784d69f329a5b9be931ebe543f8ffcbf5

SHA512
0c072b0250aac945dfced29620a0113f747a674d08330321a571901ab5db417be675b75e79dff2edca9b01802707fe0d569ae26962d883a83972c23ddac7a8d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
6233f2899f88653193f2e99e5913809c

SHA1
5affaeb8fd5709346f2e57a0b892e911702e5972

SHA256
5e8e1fb563935da41e87ad40314dbca46a544471f563429b91fbbc4cf81af734

SHA512
021d1453353fb77ac5ce9f0d184ea40c077beb552d86f9dca4b5b2623806a45de32fd8f5b33596f335ea610756f808f8fb74b224e86d7071045dac45e9d700c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\461314ab-ba72-43a9-bebf-d88d51d065fe

Filesize
734B

MD5
99f7e133e575e0e8899fc84d1851ce9f

SHA1
11b3d3fe8bdad53ff068133705c9b70a157626d6

SHA256
df2a990fbd5ac67963157cf82e9b33f8e4e9d5797938f9d509b8e9b75ae17f59

SHA512
82262f19d286227a2435b2d4278fb6a93ae7a7e50aadb02f603a66b9d14c2e188449bd207416705f1fb8aea63eb47fd425d343c7527020baa351647bc2878911

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
6KB

MD5
a7d49ace3bbfa320678301ec2ccbd8bb

SHA1
07636864b531a064d65a63174fafc7c778077132

SHA256
701ca0c64284770a5c06b8ae01f1e0a034aaf434a76449b6694867b0036b6b80

SHA512
179fa69986103ef24a535464ffa1c98499810fbd1b5eeefcb82684e6199446aa4f0f1f9d7cb5cd876244309c08577fb8ca641a59d477e79d603a3e453501e648

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
6KB

MD5
398bb8346d7d0ce738665e7afb834c08

SHA1
8fddae2d82b3a5fb6f74e0a0760df3f4fe186438

SHA256
123b2073a46cf8b66520df56d0f1ca24e811e7787af064445f74b08076eac878

SHA512
a78b5ce3db9ee0b2db6e55ded5bb845ab0df7ac410079d332ace68c0d403b3ea36e0bfa51246c9def2619df582914a6316e34c32d37af7ec230dcc5e16a29861

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
6KB

MD5
9f76f3060ad99e990621ec3af4413ff2

SHA1
da1df66c76671df4192860e31ee5cc319643f2c8

SHA256
439b12f951c8e2ba34908e565b60b07a4bcabf4a1e4c232621ee4c0121f1fa5c

SHA512
1366ac8aa3608998db76fe750c23351ee5b5a238695bfb5c734368d5325807da273367222cda1b1391de8507fa6a98d6b5b16f5478675fd02398a97e9654f01e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
74ef6adee272aba2ef10d16fb35532ed

SHA1
c7cec8fab5efba2b21bf5398828dc9bf139392d6

SHA256
ebb6e476ae21715572885cdd666b7cf2e5be264e0c91b7c4ea8002968794ac3c

SHA512
94eb661bc72e2cc22de49755ed211439687784cf63c20e0ce6f14042dc9dac8a3a8396dfa75efc0e78100601e3a9bfe39a46208878b29cf9aeb46bdc8d86e8fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
fa9ca8cb108235063cc95846923e7b65

SHA1
d9f0def583bbd27c99ebb40c6e1edced3b258b79

SHA256
2360c1ed634c3a24e2ba25f32d759728c3d625641d7dfab7596c93d628269933

SHA512
f5f178d546a965bd5d9bbad1877ee2b07f134f14f614d62201e71978cf0668bc296080a42d7619c5b0c2cdf0a31157571c666fce8f4a51ccd6a149163e733b3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
78e15151d23dec5bddf6498fa8fbc7a9

SHA1
b9f13345bfb5fd1f76e455e8eeab7bccd832817a

SHA256
65c0bc5808622c75abcce839e5fcc652abec5f18096ab02ef176b93fae45d9ba

SHA512
12a8f5a8ac474a98c42413bb9117b46fb2bd14c3dc48e1f90d120f111c6733341370ae26245b3e0321851231e2e12d740b5dcbd5246375c9734438ad7eb86ae5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
f341ad87efccd242203f424e6c1e2568

SHA1
7f2429ca75a77a33c7fcec6c7b8113a9d9711e53

SHA256
1972c9779f79b6ad7a809d660538a991939add2672993fa52e09f7ee696f3364

SHA512
483282fb4f4e22a76f9118c0f70048dffe9c332e19a72be408dec599ced087248f3a9b269c5ec00ca90f5658f07d97eddfd9b76cf845c6a2cbb23f15897f46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
619d4784030b2e7b47e52a8047711f64

SHA1
94fdf5036806f027fdc13caf89325a3746fbc173

SHA256
ec347e37ac3de355209374fd22e42eb2010587e7102078f885631ac5c8db0522

SHA512
28ef04e5595e475e0a52f4de42d940c7045e563d257cc63b96085cf732428fb32914ad072d20c16fb1695b0b4bb393e962fe2a3b2141b2bdec9ee38dd13a672a

Download Submit