9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29-03-2024 01:48

240329-b8d7kaed2w 3

29-03-2024 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
429s
max time network
516s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (31).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2796	triage - Copy (31).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
2796	triage - Copy (31).exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
2796	triage - Copy (31).exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
2796	triage - Copy (31).exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
2796	triage - Copy (31).exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4344	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 4344	4612	firefox.exe	90
PID 4612 wrote to memory of 4344	4612	firefox.exe	90
PID 4612 wrote to memory of 4344	4612	firefox.exe	90
PID 4612 wrote to memory of 4344	4612	firefox.exe	90
PID 4612 wrote to memory of 4344	4612	firefox.exe	90
PID 4612 wrote to memory of 4344	4612	firefox.exe	90
PID 4612 wrote to memory of 4344	4612	firefox.exe	90
PID 4612 wrote to memory of 4344	4612	firefox.exe	90
PID 4612 wrote to memory of 4344	4612	firefox.exe	90
PID 4612 wrote to memory of 4344	4612	firefox.exe	90
PID 4612 wrote to memory of 4344	4612	firefox.exe	90
PID 4344 wrote to memory of 2700	4344	firefox.exe	91
PID 4344 wrote to memory of 2700	4344	firefox.exe	91
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 4792	4344	firefox.exe	92
PID 4344 wrote to memory of 3032	4344	firefox.exe	93
PID 4344 wrote to memory of 3032	4344	firefox.exe	93
PID 4344 wrote to memory of 3032	4344	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (31).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (31).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.0.949401602\1821334181" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1944f17a-bb6c-4481-8aa2-1e5ecfb38273} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 1976 23bec0d6b58 gpu
    3⤵
    PID:2700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.1.1404518037\461148791" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38cf894f-9e91-48d0-9b1f-19c592920391} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 2376 23bebffc058 socket
    3⤵
    - Checks processor information in registry
    PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.2.924367537\377760354" -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3076 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {274a1a69-2c35-4696-9aa7-41ebc293321f} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 3384 23bf030bf58 tab
    3⤵
    PID:3032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.3.974515852\1031606713" -childID 2 -isForBrowser -prefsHandle 1064 -prefMapHandle 1032 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c34d32c-49d0-4a0a-b04f-35f40b1ae441} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 1072 23bdf868a58 tab
    3⤵
    PID:3416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.4.1135523889\1737661864" -childID 3 -isForBrowser -prefsHandle 3196 -prefMapHandle 3672 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c110aa8-36f7-4ffe-919e-d7cf4ae26d20} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 4548 23bee89d158 tab
    3⤵
    PID:4104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.5.641780525\1387990375" -childID 4 -isForBrowser -prefsHandle 5020 -prefMapHandle 5000 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {faa1de94-6ddc-4657-a1a5-85c8343130bc} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 4996 23bf29a7758 tab
    3⤵
    PID:2236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.6.762715012\397221140" -childID 5 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd9e4e34-0a82-48a5-bceb-69b1edaeea37} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 5312 23bf29a8c58 tab
    3⤵
    PID:1868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.7.841083082\2127735986" -childID 6 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37544c90-7c1c-4976-88ec-0d13f66c18d6} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 5500 23bf29a8f58 tab
    3⤵
    PID:416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.8.1891376278\5402392" -childID 7 -isForBrowser -prefsHandle 5724 -prefMapHandle 4916 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff16c7cd-9d37-496e-8510-f9cb51e37c4c} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 2812 23bf3995758 tab
    3⤵
    PID:5272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.9.374237115\1510891075" -parentBuildID 20221007134813 -prefsHandle 5964 -prefMapHandle 5968 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec391e5e-fd5b-423d-a49e-29c461b3296b} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 5324 23bf37bcd58 rdd
    3⤵
    PID:5296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.10.409549169\964362101" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5948 -prefMapHandle 6124 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4df175fd-a557-4fbd-9ec2-eb610b67a129} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 5952 23bf3995158 utility
    3⤵
    PID:5328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.11.900438144\2137518377" -childID 8 -isForBrowser -prefsHandle 4768 -prefMapHandle 6244 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72b9c257-fecc-463a-b0ab-27b4c6b390cf} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 3260 23bf37c9858 tab
    3⤵
    PID:2104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.12.849766246\137204372" -childID 9 -isForBrowser -prefsHandle 4740 -prefMapHandle 3264 -prefsLen 26881 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59342e57-54b2-4268-88a3-1a28b5380c01} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 5148 23bf2171658 tab
    3⤵
    PID:5944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.13.1234225568\374315619" -childID 10 -isForBrowser -prefsHandle 5688 -prefMapHandle 5304 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e448df8-3609-4ff3-93b3-5f939cb6e90e} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 5480 23bf3bf8a58 tab
    3⤵
    PID:4764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.14.951940105\309594386" -childID 11 -isForBrowser -prefsHandle 3048 -prefMapHandle 4848 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecc392ea-395c-4cb9-be70-1c08db83e2e8} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 3328 23bdf872b58 tab
    3⤵
    PID:5916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.15.1631145881\252071996" -childID 12 -isForBrowser -prefsHandle 5984 -prefMapHandle 6000 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f577f2a7-9c19-4c8b-a9b5-f69927e45663} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 5724 23bf2170758 tab
    3⤵
    PID:5576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4344.16.988695325\700426979" -childID 13 -isForBrowser -prefsHandle 10052 -prefMapHandle 10056 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a111006-3606-408e-93fd-27ecc5570085} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 10044 23bee935158 tab
    3⤵
    PID:5772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\11088

Filesize
9KB

MD5
1c0ec0136b6c6de89a715d93d31b69f7

SHA1
16b71fe7888b2c0709eae8e380e0fb7a98eca9c1

SHA256
de05d37c47da83d642b4f60f2a97862d03d95b6c8bf9036ada31ce87a07a8a1f

SHA512
7b675d8c078d099c24031ceed72d847e6b815ef180cb13c49c7d9ae03fafba10f2ec5121aa742272a63f7df548d96fee27b009ac3e2c69956893e913ff681d54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\25410

Filesize
9KB

MD5
7e1ec1de19c84b80f8cec2404d053c5e

SHA1
ad16cd56a6af24647420ce748fac8ebda604cf6b

SHA256
80fea8ddf1e2377b71fd1cd896d7ebabb66a3575d19ca50ac30df91520720e52

SHA512
9dc922efae50e0cd49ef08e14a67582d7f54e21c6e6141c9ad69b45b5c10f9aa280b8e540972ba91d28320ef31d3299283850655424d7137ef50ebe4ac53522c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\32149

Filesize
9KB

MD5
330231bb385561e2055470b9416c28ea

SHA1
db41c357b925e823190c6e0b1e440dfbbece9408

SHA256
645c0a07f1f0deb9fb513bc697656c6d5f49de96150309581d48af9efbb7db1d

SHA512
673f5fab16e200a881aa1edfeb13fed5a727b7fca6c52801db155b3e023af20107f84389e531c83ab87436bebbac5995df07258598d219d28aa1b0783fccc26b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\3561

Filesize
9KB

MD5
d0a1820b131db0e815b235ae8fd3bb51

SHA1
5dcad8de8996985d087b2539916681b775b6aa7c

SHA256
b9cba02f4e3cb5a6f4ffdcdcf8905384f8a8e533fd26e3ae003339bde9f27bc6

SHA512
cf599c54ff31dfc2fbe13dd48e347f051a7c78272022f386ac7f8859af60edfdf62fdf1345437ff5e67b327c6aca107b5a22df0af23fbe2fab50d7fa27dad1a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
76bda3cfa8cf1e0a74ad92579f1ddf2e

SHA1
072d7af58ceb4846f24f4cf03f27a9153f4aec1b

SHA256
e23b22e17e3240ed8c8ed5a9233888eb257830416f9e2795e4f39de2084dde7c

SHA512
9e3eab4430efc4155b1b3366c13622abb9ef3dbb4f309fe69202b2e68ea13892d5e693423adc47a1edbbff5a2db9eae6c1ba4d0d9ce9260dc4b8d1d15806870e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
4f8b0b9ba9f5d63fcc9b70bb25fe809b

SHA1
2992751e98125e53ca06b6a49bd98ff974ed37be

SHA256
778052816ce20253d4bbbc48d91cbba499fdff18ef4666e0b1c680a3f8925a96

SHA512
e9ecafa747b8b5580f71d0a24c7d1666a6ed87e3cbab319a558f0103823ce54c6f3b270d677b28aed99917075c2ad3eacf03de7fad60772880ff6d70ce901b16

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
edef627dc4237b8fe0fc3ced0f860622

SHA1
861c3b949f11e9a2531336cd789dfb8f52e0fb9c

SHA256
81f9e94c7ab4d5e31ebc0fddb532f46e90d924f8260055bb803d4e6bb4fdf5ef

SHA512
3767870d11f18fcb17375a4b7fca261395ddd272fa733ee6b5cc3ba2c5f0cbf35710f795870579f60f8e2f6653ab009f958d1a61ac9e9b0ada6192671a8396d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
7f13e785c1b2d81cd19cdb3d9974a289

SHA1
c866831f489e8ba3e4c881fe5a4145247e957c49

SHA256
c5e4bf9fb059736c71982634735bbf875503778b0edb5029d8813edd874eabb3

SHA512
e060157dbf74c44274abd590060147f637f0d94c5f10e4d6779414f3dd4cf498af371b34c0a09374fb63cad855239af69ebc78f82d1bc8628e998f6646ac0a8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\pending_pings\5b051b78-99ce-438f-8aa8-c24a1f8f65fd

Filesize
734B

MD5
2729528e983d30b2478f6036f4ff08ab

SHA1
981b9f32241a17c26a44c9df8b778abf6740f078

SHA256
ef2ad2c4a52f468bf5567c5fbc871571cce430ba12a62c2333c51ff809b3c3a0

SHA512
77bac18ea02cf37669269719545ad9341e32ce9cb5c1bc9c42ccadc161527f2ea08e135be8f6c1eafe931a82e950593598194dd2c89a31c1006b99a4f2347efc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\favicons.sqlite-wal

Filesize
352KB

MD5
653f4b4a95c358613ce230443c718b93

SHA1
993308e07b0792b1ab9bd30d5e7e7c7d74494fc9

SHA256
466596a99975919455584c92a23ff04564575f2eaa2d6214d2d2bd3de4567189

SHA512
d6722b80aeda5081e98a51573e2a7812fbd37b86a7c8cee4d0b8772f3e08f31bc7a67b2c09914e4fc40de85f88fd300777713974b0c5f2039c3b318bf8b41780

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\places.sqlite

Filesize
5.0MB

MD5
2a4b6047916523b142c95751249eb9ea

SHA1
8511979e8a97072a40772f3d349b3f6945413867

SHA256
2a897de10455506d629420e48288435eb994e45e63c7f15d02d107330dd97e44

SHA512
856f95db5c3ded24656c8731a3eb834bd9b59a16011827acfb8d93c8cb7877f5608a8d6ab3fa1d08cec892cb5c1a0b65c645a725e55b4a5f4395005dadfa228c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\places.sqlite-wal

Filesize
3.5MB

MD5
ea008043961a6a405ced4190c49024dc

SHA1
d9c6af771abd2ba6414a0c10535b49613bcc3db1

SHA256
2c2f326399643d08e721068a899c5a9a4d9f78909edff71e798748798a24401a

SHA512
efc5fa066ae96241f111ed2957060013475637edcdefdc1089dd77048d093181d1ebba68aaf9d4a40b4bc1d48ba98076e7ea9d76f9c101afc32e94c30d7aee46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js

Filesize
7KB

MD5
ef2d49c254521cf3c9115ceb23d3dbbf

SHA1
9bbc50a7325609ee07bf2fee7bcdf4fd1e81fc4d

SHA256
14b0c13a40f8d923ca8e5a53b4478c59f81219e0df7c2f27623a9bddc86fd3e7

SHA512
9b0128a98d03f7f4eefc4c3113f1e3e1663356689a83984a3ba49e4bebba0ae577e76f1605d013744979896d073c4a314297f2d856bc9724fda800d188782b55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js

Filesize
6KB

MD5
051d82266947d44a35b2b669d4948b80

SHA1
48a48d4dda5972e7025b673eaa8c7e81342406d4

SHA256
3ba1c7e548ea1de97f96230f7247b3c85f1e9b1eb990255d5b5bd5c60e84c451

SHA512
404fe2ff45b101f93303a8c3bd4b079be623d4281af14616d0193fe2e665fecbae23b3d55d1db83c066b6f8a7cf2a450d95a7d190162a731af10f1a7146933af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js

Filesize
6KB

MD5
f0b49c0a9600902fb6d6f798c3493481

SHA1
b56b30edd804206473cfcf7710becdb3de46704a

SHA256
37f6a92aff990e89dd094ec1d692a8f8d53744c01c50df2f487a1f631019832a

SHA512
d3f6d09c64013cde3756971eb118c03d27a8f6ad82169f28bc05615528fc66187885883d01c2ee62bf83115d3532f927e4f411a75cc60dfac2466995b0164c50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js

Filesize
7KB

MD5
e350c418d67bdaf3781030c5f4aa1aa9

SHA1
219dbf658e1fbcb2a24fd37ef3ea847578a29bea

SHA256
cd50df111ea4ae227efcc239397bc70e34640e80e666620d7ad4ffc47d5d9911

SHA512
4226d4297c648abdfbb06b8172a397ff9a14117d21279e4db80636362f6002254dabc123344b362000fd9cf504527baa8a4e9980ea453399728729f0e45181c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
fdd936a6739ccafcd0c2025dcadf60aa

SHA1
f94ed8c02605351abcf1e72d63184d354ec8a0e4

SHA256
d1c305b0f1a1e4ab7c00ceb6012fb48a49194eccfee30df4ed2fcfdac8a7e50c

SHA512
24a3da0b5b45aceea84b29d55ea007e4c0b02b6c9e1501834cb9e67aaa355f3c6a891b1fcb2cc77be48136c7c7bfcdb23457aa990e4ee3bbec36e386d6040176

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
329300c6b95fce1d448316cbbf058a51

SHA1
647ab33cbb7ecb4ddf5e26201d1dd08d0de29270

SHA256
69f2c78e0417934c72f80beb4dd2f55b5f27840c80be0b6eeead2030c41c9c06

SHA512
791792629842a97bd52e35bc55e662cd5178f6e715daa248cb6b3725e552e495505142186305ede06a5f48ac34052cbe823751466f73e615aac4f116a704de53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
7d1ad64c3c9e9351a054c69f14d52727

SHA1
4502fed59caadde4d56e4860aab9bc4f86c56bb8

SHA256
24f7d64967427246c1d3e9035291389b5ab3ba95db80266689e78fbf0687e9eb

SHA512
6b7f0c7cfe4bca159a1cc1a54196e583f003241dbbd0870a040769cc3ddddc430a785a20286744165f0c72ce787ee4b9b7c7c9b8fe16d3eb9ee93ab3afa90c4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
79e556121b2ffa72c34e668ece9efa54

SHA1
9b44e74aee59f2db5c474489fd000aae1a54ec45

SHA256
35d421a2ae19a27897d603d2d5368bbdf4d22549e027d50c301d8a0f91e9259b

SHA512
9b614d259a1376c7b0b184558d5e80f532722380f4cf22621215ef4149b9a690f98120b082d4706717d7ec5b274687460dad995cb3d5f649b9334350cd0e5951

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
795c3d56f055245a31858fd0def0403e

SHA1
52488d8fc0420f94a4850660d3161ca82332e6ed

SHA256
43895b8f249b7b20918a025cd47b50ed082d0b07b800d036eb3566e56a0c91f9

SHA512
224d721e0066c26fbb2be92a8339a8222a55f6125d0307504b651df0c3ced5ecae40bd68656c7ac58446d51f4da6ae33751389d40bcabf07e89e57e8bd12216b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
379e826f61b732aac5f8004892a3afca

SHA1
6d677792fa79c8c04d05bd6a8b101b0084a1fd9c

SHA256
f74492a19d1e9a89f7eac479ee896666b795ead35933e1226d00076a6531b2bc

SHA512
06d1c7811831106d987981ddd8fc850c4cc9958fd22f140c444b621ed3842d33b3acf3315f7f1d1bd712968f2b05901abb7b89806a95d4fbaa949ad04bd7990c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
e1d362af74c1bdbed00dcf2c2b2e31d8

SHA1
34eba7b2a5a79142d84e55fa391352e2e5cd7db2

SHA256
1f6e1dbfb59cb99b534882df3dcdc875ee4d40e7509aa37e6aad5695a2899437

SHA512
9b354d361ee05474d52bf1c867a47faa953f7cda8e1975d9f916a2a4ab719bd4bc55e1e65b6ae76f37f2d14cf4a6e6a24260874c2e3f608b874458600d6981cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\targeting.snapshot.json

Filesize
3KB

MD5
8e5c5f5020f3354cc18df9d3d70995e3

SHA1
c61cfecff411d17d51a15c1f494bfd3d5c617c0a

SHA256
053191b36a86f42741ea2f0daa2c21e7b6c9803e7b2e4463f029b2812d764637

SHA512
aaa842c65feb83e0b27a7ba38b4c417bc228c537e9b5f08f324b00871ac93ea35f7e62840a412b7f56d4fe0ffeed89503680ff86d64c55b9c2f688730091e5de

Download Submit