9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
198s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (11).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2008	triage - Copy (11).exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4052	firefox.exe
Token: SeDebugPrivilege	4052	firefox.exe
Token: SeDebugPrivilege	4052	firefox.exe
Token: SeDebugPrivilege	4052	firefox.exe
Token: SeDebugPrivilege	4052	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2008	triage - Copy (11).exe
4052	firefox.exe
4052	firefox.exe
4052	firefox.exe
4052	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2008	triage - Copy (11).exe
4052	firefox.exe
4052	firefox.exe
4052	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4052	firefox.exe
4052	firefox.exe
4052	firefox.exe
4052	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 4052	2396	firefox.exe	96
PID 2396 wrote to memory of 4052	2396	firefox.exe	96
PID 2396 wrote to memory of 4052	2396	firefox.exe	96
PID 2396 wrote to memory of 4052	2396	firefox.exe	96
PID 2396 wrote to memory of 4052	2396	firefox.exe	96
PID 2396 wrote to memory of 4052	2396	firefox.exe	96
PID 2396 wrote to memory of 4052	2396	firefox.exe	96
PID 2396 wrote to memory of 4052	2396	firefox.exe	96
PID 2396 wrote to memory of 4052	2396	firefox.exe	96
PID 2396 wrote to memory of 4052	2396	firefox.exe	96
PID 2396 wrote to memory of 4052	2396	firefox.exe	96
PID 4052 wrote to memory of 2824	4052	firefox.exe	97
PID 4052 wrote to memory of 2824	4052	firefox.exe	97
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 3756	4052	firefox.exe	99
PID 4052 wrote to memory of 1572	4052	firefox.exe	100
PID 4052 wrote to memory of 1572	4052	firefox.exe	100
PID 4052 wrote to memory of 1572	4052	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (11).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (11).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.0.835215374\2111516914" -parentBuildID 20221007134813 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f2f46b5-3e28-41c2-ba92-9913cbc2c3b1} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 1988 1d872fd5e58 gpu
    3⤵
    PID:2824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.1.1779053988\1154800056" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a97bbad-3193-49b7-bc9e-ae3fb57b8e4b} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 2380 1d866674958 socket
    3⤵
    PID:3756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.2.1145424986\1817924465" -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 2948 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4034a45-0215-44e9-ab87-c908ff847bcb} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 2968 1d876fc1658 tab
    3⤵
    PID:1572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.3.1770131212\1813198744" -childID 2 -isForBrowser -prefsHandle 1560 -prefMapHandle 1744 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe7520e9-074f-4993-8c0e-5f7b24ce33a8} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 3652 1d866674058 tab
    3⤵
    PID:1036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.4.947726084\607799650" -childID 3 -isForBrowser -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff730ce9-968e-4bc8-8e88-8951fd6c23de} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 3940 1d866665558 tab
    3⤵
    PID:3844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.5.1428211844\21522274" -childID 4 -isForBrowser -prefsHandle 5084 -prefMapHandle 4936 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e3d5a32-d1bc-4816-ad98-1232becc61c1} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5060 1d8761cbc58 tab
    3⤵
    PID:5240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.6.1071710359\1643643121" -childID 5 -isForBrowser -prefsHandle 3772 -prefMapHandle 3768 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {856bb6b4-ca44-411e-b44d-e76ce825168f} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5376 1d879a1da58 tab
    3⤵
    PID:5476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.7.2034343189\1499711502" -childID 6 -isForBrowser -prefsHandle 5416 -prefMapHandle 5412 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8126825f-6d61-48ad-ad05-89333262f5bc} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5428 1d879a1e658 tab
    3⤵
    PID:5484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.8.1566507435\1553819632" -childID 7 -isForBrowser -prefsHandle 5428 -prefMapHandle 5376 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5470e20e-dd6f-428b-a315-63ed17b74328} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5608 1d879a1e958 tab
    3⤵
    PID:5496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.9.1602144548\2127368638" -parentBuildID 20221007134813 -prefsHandle 5148 -prefMapHandle 5756 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdfa426c-cfbc-468b-a0de-35583f91d11e} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5784 1d879d90858 rdd
    3⤵
    PID:5932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.10.1121868030\1953014362" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5772 -prefMapHandle 5868 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84943337-5dd6-4583-a1cb-ad88a3fb14da} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5964 1d879d91158 utility
    3⤵
    PID:5948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.11.1541405437\827116448" -childID 8 -isForBrowser -prefsHandle 6128 -prefMapHandle 6216 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c02a3ce3-477e-4319-bf6b-238193d1ae82} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 6236 1d87ac63b58 tab
    3⤵
    PID:6124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.12.784971583\1994875785" -childID 9 -isForBrowser -prefsHandle 6384 -prefMapHandle 6388 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6e74470-9504-4043-8e5c-c8f501347569} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 6468 1d87ac64458 tab
    3⤵
    PID:6136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.13.422962671\2142716359" -childID 10 -isForBrowser -prefsHandle 5532 -prefMapHandle 5520 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {539a6be6-98e2-4ebc-8474-40feda08adbd} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5452 1d87ccf8e58 tab
    3⤵
    PID:376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.14.346046720\756160168" -childID 11 -isForBrowser -prefsHandle 5568 -prefMapHandle 5520 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aa71335-c595-43f5-8222-7da02ccbbc0a} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 10352 1d879a1cb58 tab
    3⤵
    PID:5600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.15.1526438959\545754205" -childID 12 -isForBrowser -prefsHandle 10460 -prefMapHandle 10328 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {362bf340-f81e-4b17-aa9c-302e07c21de5} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 3812 1d879a1ec58 tab
    3⤵
    PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2700,i,14629483171127516024,12350888228055326066,262144 --variations-seed-version /prefetch:8
1⤵
PID:5468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\15182

Filesize
8KB

MD5
137287aaf11bdeaf1d517c793efbc3b8

SHA1
89c709f3384d26d627a7884c617726473ca9616a

SHA256
68e4bf6fecec4f2f885d5430df82357589f70e1b249958d0dbdaea89c7129cb8

SHA512
70b35b304a5f4b946d13418e31589bbf71366fe49fcea1a26ca7771186101226dd811ba1a3e12174b85354c92f2c623d0e0a7bd5d4c046640d4a897275e67c25

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\16152

Filesize
9KB

MD5
f3a7900d199424f416ea0d3e41caa195

SHA1
8831d3e3b98828e0b12807fdfaf9017741f6306f

SHA256
46cd064f739459744efc689c30f70ab3d5c40cf30aa6e663d1c720ba080583a4

SHA512
014d354416ef063a76cab64f34f193e40553b4f366ac591909703298070aebc1c2e24c4706254a1d6f0d9ac2014c06c00a8554ff6d293271fc416330029a95dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\23431

Filesize
9KB

MD5
ca4c1b7c4488791423939a9108995669

SHA1
34d225d0e309fafd9edfd1a2a11955473c6b63b0

SHA256
5d5c751bc57f73299dbedaf4a41bdf9ce8a9dcb2110f817fc4126ede27e25dfe

SHA512
ca4f2bfc3a05534248fa167016d1150af0dcee3c085839812d5c241966dae62eb3e8a83a2c8213cf612f4bb5abb164aa79bcb6051913a7ee8ea9ad6b19c26ffc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\26460

Filesize
9KB

MD5
a29417726a1bd56c5afe58a4059173f2

SHA1
03f9bc10b46e49602d93e9704fbbab0645fa99ed

SHA256
fe4cceb329d5c6afbe7a7e97e8e413551364681d5c921e7df2df586c98b36480

SHA512
7b182a401a7bab4da17a0c70a430540100d61f5eadef9acabc2f5f20ce249ce7628a701af0648814b240ff274caeaf407843e3f127e16300d9c4cb95a4a535e7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\29036

Filesize
9KB

MD5
137f3ff81a654f3f37bdd1e69fb2dd13

SHA1
eca85c27e9a2bbedd37cc47d12fca15f1d5ee921

SHA256
0190ddad4fd3ce7f4315e469cc5f19934cc0133551da3844ca7a4353f5d7ee81

SHA512
026e51690d18832808704c07e687b0482940df85a409f7ff29479ab359c64b842cab99ad869d9f35abb50bccad00f3e9cbdf09b7cbf18c5ce56aadd27d74b602

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\29064

Filesize
9KB

MD5
1d792e4b455b5dc6ff67b5e02964c90a

SHA1
ec662d0dace5778c6eae102fe78fb2652e294680

SHA256
2a3db7619d20352702300aca506cc65a71a54b29d562e60e3ce980cec37a4195

SHA512
ce72bbb7b5ff1217b2037206addc1e2044b88a59dadee7490cb593a4b72c76952f08b02b2618b539e0ae37dd42f6562be5a183167be2d46d06ca0664df1edcc4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\29340

Filesize
8KB

MD5
7db1179067504002156b41f806904be1

SHA1
25e9c22d6674744ee29154000cd8614a67b0ebd7

SHA256
bf6c21931c1dd022d254b994f9619848acb5801fff15a3320c98c585beab4bd4

SHA512
3647958b248186e6123964d36848edf9591dcd3af7f1974315bf6c98c99e09e4cce6a5fb73740231b531bfbbb455eaeedd6032f3051bd23f7cb1b25c351468cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\30812

Filesize
8KB

MD5
33a6fc83dd54c492e6e3dd93a922741d

SHA1
79873ea451b8738fcf621eaa3b7f3568ff497a5f

SHA256
a3710a579d8431f91d76d673ef21bd304262e122b4ec7c857a540b803e9e479b

SHA512
0edcff2a4bdbe0c37811ea3f7a1c1add336d7c87e5bdd335250196f8b755ccf5722c1f21fa152b0761d633ddf2aa342435f34a054c0434d421497d54d8f7cfe0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\512

Filesize
8KB

MD5
118bee6f8123d3feb9ec24960aa96292

SHA1
1b449523af72893bb35d097c5e14c166c509ec3f

SHA256
58f7b81c1fe298f0d70f55e25d819098fc04fb0b4f86551491990721dd4ecbbd

SHA512
2e820d7ce812ceb0174c9d9623bdd590c6db62ab144342dc643c3f5abaf3d86840dba67f84b6c0e90f296b0377b7bd4762d0daa5a94a5b54546cf8e55c156584

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\5633

Filesize
9KB

MD5
20026c364dd8f93c4ef82aef41523afc

SHA1
ed2eefc05a63f5ce86f94d7de939bfac3eb1a822

SHA256
d707b258799d30986c44240d02cc43ba9b26d16fc905ba32aad6d7d3296ae69d

SHA512
2b3e742a4c8eab34a3925e66f7a8f995a684a1848f64a406dad5ed6d78109b0cccf68f757b3471e8b4084bf45a53abc3dfd6b9756078616d385468d284a5829a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\7143

Filesize
8KB

MD5
ebfec7474abfc67025cbbca0a36ed593

SHA1
75da49137160e115576d0f64a6c96bd62926dbe6

SHA256
66da5e11f4444f4e61b5e66b4440b613f6533645591be91ae2dc1c0246a6e62d

SHA512
4f5657d825248ab87b860e19c2639c9a7c25edf836954b6aa99b21d1bbb339367dd2ac177e6358e55eccea0fb12e87a32445ed85d3054e9a643fa5368ff4441c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\8433

Filesize
9KB

MD5
677d739037e0a5a316b6c5bea4a2a614

SHA1
53f6c57e588792161022d45727ea2f4915b0ce78

SHA256
4d0638454765ae622b0c2733a0ea430aa255ce6e4fa3b283d330076fc8db3320

SHA512
e72c889dfc7e81eb46021ac9f19d25f96b4056eae0d5376817583a91a0350ff8a84df761e73c46f64c4d8e95c89bb92b4b633daa793eff6418fbb4a10a2a200a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
63e82824b555b433e5cf8907b628f8b1

SHA1
d1774bbc3bfcf0b2b5ce6aedc2ba3cfaf4688012

SHA256
fefba703a367048d138a54a4115667b63228e4de3271dc68ab840c336dd5a2fe

SHA512
4ebfa585fb6a5063d647c98af4cf6f58522b6ba4a8f3c4563619c51f8cf767fd8224dee3294565388d6bd2d08eff2169c1ef8c97c798009a4441f25e27240f9b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\thumbnails\d1e6238716441fddc7f6f03a56a3feb3.png

Filesize
7KB

MD5
4fcedfe76661f405a059bd41538e7c6d

SHA1
a1b1d3db2f3d29a86f3b96a57d0612fad7c24cea

SHA256
1c749cd15d21aabec68c4b27aaa4a43e55cbf91e76517111391002b99e7b19d3

SHA512
b481f77fa7bf5988ad1e79249e2c09ce0f26aadfe8beb2820a158672ae816f31d840ee1c5a3115f93ded657cc5116273a55d52a7469ea44ad69a7ed9bf71d7ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
e3104dfd4b2b22780f8e18e9d1d23ede

SHA1
f5c56c498a734a59a9516495c51b78a1d7092b76

SHA256
a2824cd3e05c1e3a85fe66488043512b797bcfe0b68a7e7fbb2d46a68b281d53

SHA512
090fbbf9c36e004ed55e5ca0f0da13385c138ef707775c428a2a852f44058e04098125f41554daf1c2194864356b6a46e8b50767895e688938f18d60f7f5bcbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\datareporting\glean\pending_pings\8edb5b6e-afcb-45f4-9f2e-6bda9b6eb1e0

Filesize
734B

MD5
8ed38aa5b5c77e3c54279a746a8b595b

SHA1
bdf738b9f2a46b73473a2a52303f8788fcd7b29c

SHA256
7e5e1316993cfd334664629c0477cade867beb55e3242e06750cdae8f583b6a0

SHA512
b4c8755cd9c739c5a3810f5d012d504e3ed8cdfe53eb13ba3731b2b4374449706ee31bafd5bc33f18809114ccbb15c51d83dc34012dd7182b17b97e72d89fe60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\prefs-1.js

Filesize
6KB

MD5
5c2f5589e1ab70d3afb13f676c615eab

SHA1
662d611006d581ac5ee7c54440b6c33283267ad0

SHA256
c1e7e3060f29d303c887f4dc9b56c9d6a18c704a3614cb7658786e8818a5a89a

SHA512
f772af75312d26daca67ce9eb21880918700a74190cd68d5a121ade60fa482b341a3a6ed1e084f7144bce75d88abe77802d41ef8e426c0ace4897a82e0023d70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\prefs-1.js

Filesize
7KB

MD5
f3dcffbd8d8e977e45f2d089514a8a6b

SHA1
64cc1ea34a887b1a880ff7076672dc9a6c4be680

SHA256
a2dc2d7ecb3c01b2ad46f1496d38f8fa0195b33ba326a43b1ad585b150376f3e

SHA512
be6524a107c62dae8ac1ad85ae1c0fe40ff01844eda6f14b7b9552f56bfbf9408d3dd072d7a0d4cb3efe6485e6971ffb2353c731fa00991901304773bab11398

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
b71df6875c8ce2a1cecd43b74533b1c9

SHA1
6fff7a256b7ae961138ba37707b2938a2e9cf9b2

SHA256
0f6150fbb29ee60b59bcedd1e0ff7d5691dfd7a5dbca259e58ee58f9378e4d98

SHA512
9cb532e30108108e6eae73a88795f2952f62e1d325ae80b608ac2212713a999aba35cec30bab47738ec3ea25bfabc0cccb41d19dfb36638e1472ad5b4fdab690

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
7766255f013eba8c6d290fab67d98f27

SHA1
9665f38494a5a0fed4562bf4f46f28bf471480e7

SHA256
9749dfaf9c49714bf429b3bffa81d50c1ffd4c102836a2b86b5f55616ca7a80e

SHA512
6d56c9c62ff734c78564ff2e49287a424ef9e1326271663a6bd8fa1dc912f019f1018414722e36f9ca3d00c7af9d6974acc13e419bb9ad9b0fe305176b902e73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
efdb5c27d4eda4d3c98b2901c843042a

SHA1
c9a3c3eadaaecea2e678b513db07fea8b16a2ce3

SHA256
cc99223bc69f473c5722535f5a348cdce3b7b87e0ca863f448f761c1744a9851

SHA512
991c7dddce55e14ff1a13316628e420a6fada364e275cff64a974213939e2537da6b4d34bab5abf212c3bb46bb54f827d4205fcae9e0467a90da7e0fcfcc6111

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
786745c8c8aac7c52631e0fdd0e4eb8a

SHA1
d2bdbf2f645b811bc3b206d80e57459b119b3cfa

SHA256
308982039ca9859a6c0a77cf8a4dc2505fea682183e324e3d38bae009878cd12

SHA512
1b405780aba433b535e6ee98327d13b7aec0edc8e0593112a848b8b4b8d6911091c1cc93890b57431cf78b435a15ca8d28af6e3ccdaa2061166a7281343c49df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
f5bb004b226c51c04e027e98ccd2a862

SHA1
c71de88b224c389235dffb87eea685e28e08f9e0

SHA256
683dac44e10b851e21d75fc4eb3982d4d716093e40aec7d8fcc730a48ae6e8ab

SHA512
c570dcad9a17e9faa37d665a1de23228b2cbe09f4ea56d96d19b9b24db19555f0da29812a2368ba7b3f5bd3fdfbced00a074894c8f109ebc1fdc47557defd4ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
c86de12fa55ca19f86423b2790f54363

SHA1
854f455e1ba2ab1b7b10c669b6bb6e3d7681a595

SHA256
20b480f06bf5bab4cca2ebf0489283d18ea0deebc8ceaa1627f79de6d742a31f

SHA512
e3fbf5b3f3690fab788ceb6ac9e941ec98b6abefc5e1557a239a6ec271d36ea78d94c20b9127a795383763cd5e30af805638dbbb49566ea9e172456eca7b82e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
f03d713d64e65f3a7d90eba6d9aa4c30

SHA1
cace059a9606d1057f53cb6f223e6200cd4acd18

SHA256
e51b12cc678065d461a2aaebafb8803de9ac36c75e0ae7ef10a835c005918ecd

SHA512
7df7940196f7e5e0b3c6592b204dea279f5bd118ac24d3813f888d92e4d9c834675efae319854cb8dde84d722093d8cb53396aa07e8ae4578fea2e9096e91188

Download Submit