9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
442s
max time network
456s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (4).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5020	triage - Copy (4).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	3108	firefox.exe
Token: SeDebugPrivilege	3108	firefox.exe
Token: SeDebugPrivilege	3108	firefox.exe
Token: SeDebugPrivilege	3108	firefox.exe
Token: SeDebugPrivilege	3108	firefox.exe
Token: SeDebugPrivilege	3108	firefox.exe
Token: SeDebugPrivilege	3108	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
5020	triage - Copy (4).exe
3108	firefox.exe
3108	firefox.exe
3108	firefox.exe
3108	firefox.exe
5020	triage - Copy (4).exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
5020	triage - Copy (4).exe
3108	firefox.exe
3108	firefox.exe
3108	firefox.exe
5020	triage - Copy (4).exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3108	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 3108	2292	firefox.exe	90
PID 2292 wrote to memory of 3108	2292	firefox.exe	90
PID 2292 wrote to memory of 3108	2292	firefox.exe	90
PID 2292 wrote to memory of 3108	2292	firefox.exe	90
PID 2292 wrote to memory of 3108	2292	firefox.exe	90
PID 2292 wrote to memory of 3108	2292	firefox.exe	90
PID 2292 wrote to memory of 3108	2292	firefox.exe	90
PID 2292 wrote to memory of 3108	2292	firefox.exe	90
PID 2292 wrote to memory of 3108	2292	firefox.exe	90
PID 2292 wrote to memory of 3108	2292	firefox.exe	90
PID 2292 wrote to memory of 3108	2292	firefox.exe	90
PID 3108 wrote to memory of 4204	3108	firefox.exe	91
PID 3108 wrote to memory of 4204	3108	firefox.exe	91
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4020	3108	firefox.exe	92
PID 3108 wrote to memory of 4908	3108	firefox.exe	93
PID 3108 wrote to memory of 4908	3108	firefox.exe	93
PID 3108 wrote to memory of 4908	3108	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (4).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (4).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5020

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.0.222823085\396404435" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dc59fe7-e346-4ea1-8003-b2b9ed0aa757} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 1964 23afc3bfe58 gpu
    3⤵
    PID:4204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.1.830318001\352108721" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f536ebc1-698e-4f1a-9364-e35d52aed7de} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 2364 23aefb6f258 socket
    3⤵
    - Checks processor information in registry
    PID:4020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.2.90651321\543117061" -childID 1 -isForBrowser -prefsHandle 3308 -prefMapHandle 3304 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f5ad2c0-94e1-4fb9-8303-d6c176efa422} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 3320 23a821b5858 tab
    3⤵
    PID:4908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.3.1457844201\975862644" -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 3576 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07018363-90d5-49cd-baf5-34ef5b2c9307} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 3592 23a83105658 tab
    3⤵
    PID:964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.4.1299715291\170056096" -childID 3 -isForBrowser -prefsHandle 4020 -prefMapHandle 4004 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ce14844-2136-469d-9d61-1d7001418048} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 4204 23a83905258 tab
    3⤵
    PID:2156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.5.265375212\1035516036" -childID 4 -isForBrowser -prefsHandle 5000 -prefMapHandle 5004 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9d49158-5d29-40d4-b6aa-d1fffa41cc9a} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 5028 23a846a7858 tab
    3⤵
    PID:5076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.6.1089434226\796219061" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e39f5f3b-e7e4-4103-8b41-1f8dcc29b21e} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 5168 23a846a7b58 tab
    3⤵
    PID:940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.7.1355422321\2040211759" -childID 6 -isForBrowser -prefsHandle 5380 -prefMapHandle 5384 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4cf6bb0-9981-46cf-9277-638cc3a8da65} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 5372 23a846a8a58 tab
    3⤵
    PID:1968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.8.1015154733\2109128698" -childID 7 -isForBrowser -prefsHandle 2788 -prefMapHandle 1468 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {304de75c-ed57-4f63-9d25-e5e96e8defdf} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 1600 23a8558d858 tab
    3⤵
    PID:4936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.9.1747203214\1576818304" -childID 8 -isForBrowser -prefsHandle 6020 -prefMapHandle 2932 -prefsLen 26550 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a990be0b-6dc8-4499-899b-54318819b8af} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 5976 23a80ae4458 tab
    3⤵
    PID:5620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.10.1673321003\1603865627" -parentBuildID 20221007134813 -prefsHandle 6444 -prefMapHandle 6236 -prefsLen 27251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f6e170d-2c3e-415f-a871-e0ba0413a8ca} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 6404 23a80a9c858 rdd
    3⤵
    PID:5444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.11.934404267\592742690" -childID 9 -isForBrowser -prefsHandle 6404 -prefMapHandle 6444 -prefsLen 27251 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac257d48-e7b7-4779-9081-e6b6067a90d7} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 6596 23a85eb2d58 tab
    3⤵
    PID:5500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.12.1543898833\557783494" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6768 -prefMapHandle 6772 -prefsLen 27251 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e9a50cf-158a-4eb0-9c2a-310a78acb312} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 6732 23a85bdde58 utility
    3⤵
    PID:5256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.13.1595041667\1861326003" -childID 10 -isForBrowser -prefsHandle 5488 -prefMapHandle 5504 -prefsLen 27251 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5ee2f15-59fd-4d4a-bbb6-fb2dd3362c9c} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 5528 23a84b5f858 tab
    3⤵
    PID:5808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.14.223000652\1158869100" -childID 11 -isForBrowser -prefsHandle 4540 -prefMapHandle 4516 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50f8eb6f-4a58-4013-b291-334c41b55aae} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 5348 23a868d6858 tab
    3⤵
    PID:4996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.15.1138482546\247864635" -childID 12 -isForBrowser -prefsHandle 6456 -prefMapHandle 6460 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {726eaa66-2fc3-450b-a2b9-8245e200fa4c} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 10932 23a85590258 tab
    3⤵
    PID:4280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.16.706969334\1689857963" -childID 13 -isForBrowser -prefsHandle 6712 -prefMapHandle 6744 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78884ec3-5293-4f9d-ac7a-24e42e90a354} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 5612 23a8558e758 tab
    3⤵
    PID:4848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3108.17.332631702\1585943388" -childID 14 -isForBrowser -prefsHandle 5564 -prefMapHandle 4868 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2ea84c7-313b-463c-8374-82940f6cc906} 3108 "\\.\pipe\gecko-crash-server-pipe.3108" 4952 23a84b5d458 tab
    3⤵
    PID:1328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\21094

Filesize
23KB

MD5
6f1a7998c1e733efb3de14be106ca2e2

SHA1
a5f2c43c94251c68e0e64ec72931ca84cf160aa6

SHA256
79791a3553b7607779a203e5424956d57b2bc52c7e9056cc51adcc10b321a3a9

SHA512
05d482d214b0bbc94d8fc07ed4bfabd625ade346ed5d0d12d9a496ca8e2499bed839078bc78ab14ba44ad6033bd00246dabdee6f190a6bfcfb5f18d5b8af4b53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\3846

Filesize
9KB

MD5
82946e196c616d8f36f364d5a79de49f

SHA1
2b7fef6cb672dd74621f9436132306baaf4668b5

SHA256
602eddb1e973e4ad608b29c87614b2c8762d06ee13a86bce162291dec1d85417

SHA512
ecec438a4cb5116788f4c7f0e466b990a5485f24da6e3950f667d761ca2f773b7d1bf2803d946d45351704fa8b39b7fac2313c19770aa7747f93dcea3566b487

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\8279

Filesize
9KB

MD5
62b8d09d6550137ef4f32cad8ed31be9

SHA1
edd64444e2bf263adde11a76508a33ee85d81bc5

SHA256
735033479281ff81f14c8d4398602981c9f3d1b7d80ecaec0546096ada0c719e

SHA512
9fa17285fb104c0ec18865f614f21fec3c885da242a81802bc7d4f3ac00e7a71a2c61dbaa939b5ac3d9be86a5a87aacfb2564b9e9c0aac7491043bf64ddd82a8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\entries\D82ED10047F78B4F750CAA390C240BAAC50F3BAE

Filesize
10KB

MD5
94c6f50ad87bc91d859b89b4fe2b2cdd

SHA1
43c5317f4087e88d85fdf8b455d5974a16ae53a8

SHA256
187e855d3839e782080b8d0101436f179079f38301175e7994280e0ebb8854d3

SHA512
caa035f5b7088bea622bf78edef72a3a23d4c790014e6c142311c4b96bc9e4720d357a9253d02a7a4879c136f93a49cabdc1d168261093ac285718804082e2d2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
52dff4edfc7b9de2a4dcd3ca9394f8d3

SHA1
6caba52a36ae30fffc9ce79fbe188ccaf4b7ff29

SHA256
c1343a1e8d941a039502212a87c28da7989574689a5800f8b5f80b44bf937204

SHA512
8459691d6b13d0c17a3378250993b5dcea7ebc5b050b68c197d208783b74716ac59bc9dbb5fb71ff3c78880d4cb647441a082fcbd2a001a7a99e9254e29459da

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
4c1d2b47e26a0891fbdedaad714b2a77

SHA1
104388812faf044745190036948f842bdd77927a

SHA256
ca95f96846f3f06eee8c8223fb1ac3041e7585b1670664f20e64b9a528d6b1b9

SHA512
4b604abca29f215f9481826ced0ad87029c74d70b281817aeb91fd5ea046cb0319353b3566e81248b3a341c801b28ef5d93149e2493d6b7073fc7c0be3acc230

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
ec5a270d972c876fa62ca602cf25c1b4

SHA1
544bb6441e3aa3e6311f8e80a303d696a7b1a068

SHA256
045461f88a4ab2b3e05649cc1b95c59431db5a15c1e626e035b9e6d83f1e53c8

SHA512
57cbd5692866cda44a25c0c85722c0a6fb93893d62b6376b1ca831470bb04123f3b73f9971945e5b63f4b0f7e78ba5019822845c49cf7d738e1d421e66863aab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
83ba7ca3512ca93bc1eecc5582fb690c

SHA1
ce8b3d72d7758977a25b6d54ad5e062e3b59d1f1

SHA256
5b0501433cdc22c360dc48d6d6355a35559625f0a71cead9d4254eb0cdc37c90

SHA512
f92a70f2eb2cc5f65847112cace6b6f1ecc654e5388abdd3c5c82b68e79879d7c50eec9639c03bc52b5017e644188a0a1dbbc6dba15fa8097c29ad6260a4fe2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
465086cb3fb1d48c0235577257f2982a

SHA1
7fa3595b6c7e69b1ee8a7c022fe0779608904e92

SHA256
1ea50beee145926ecadbf4e510bc1526fd8670b6f8adb86fc7f2409448a4aeb7

SHA512
4f50b779399269f89bf9d1269a20087b7d690f753edafe76784ad73d05f5b5f1cc929ab4e30590f37c892ec5575bef26a61a2f948526cdb4fe403cdb8319ba0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\ce0365df-e9ae-4afc-9279-59f6dcdc77d8

Filesize
734B

MD5
f972b3801d5fb82b8b43a4bd855623ca

SHA1
946a5ee1b97a5c08a5cf8b77ad47e980fcc069d4

SHA256
077252ca3679f797ca3e3574326139d7a7ed47158c3cfaccc1f156307471ee73

SHA512
138398ae5aa342348f95853720047e6583366067cbb14f62a337dec3c6d13372ba7958569c3e357e76f01f1e8e57c5ea03fe5dc617a9ca2862313b5d265351ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\favicons.sqlite-wal

Filesize
512KB

MD5
4c0e972943a86d650a9a1135d481f9d0

SHA1
06f7da5072899265a404a80fdf134cf11d336715

SHA256
68610c54c4e4cf984208af10c7a2b1e05694bb27c5bc824e428c14bbd124c638

SHA512
1e3581d9bd0ef304d90f9743f02534f9a0483b0073699f32bc5b6dfaa5b384fc3ee076c4cf4a8d10ec5ec018fc1461fe520a5dcda189b53a099dc5961ba9105e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\places.sqlite

Filesize
5.0MB

MD5
41cc8d95fbe11567513761fa1c7129d2

SHA1
2850b7d7a40950d1b95399be76adb40ebaf59b45

SHA256
1146e9c76c9c99f88f62a70b3672fdddba0e9ffb0c4104d162fb9df491ee7649

SHA512
97cd1f32dffa059152e933f363a332b372681dde79bbc0c83f1c63fcc51edb2ebb49b14bf41ded2899bed16fcd2cfaf68faf02b4c52f6836d64e989ec1a8df91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\places.sqlite-wal

Filesize
2.3MB

MD5
e42a8b5931937422422d4b242ff5498d

SHA1
f1a8b197aa0670808986631139bd0b268b53b06b

SHA256
be4d495dd82343d5b82d6f110d259ec8e6095233c1a8b035c58143e009ce3e8a

SHA512
b2d4ef55cb5bd82602458bfc3ac7a5b1431ea8198776ec0fd3dcb21d1c69e906e193c3dbf761239bbf74e18ace32af6d6006c44223b74b2f6e5cc78ce3eff1fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
7KB

MD5
af4a98fd87c7646b9db55f2e082463ca

SHA1
0e134a576f467a5dfcbd7d3c6f7f53cc4b0bd7ba

SHA256
722c7a387b0e211eeb2ca7a173b53b085492b78eb71e0d13f3c70fbe3ca5c5b6

SHA512
9a8fcdfab8aca71ec97067feb5c279684cac3874952b600338268d253c4293ab6d7e09f7f529d1b19740f854e7d4982790084137c5e7269e70f75f0f9e28014f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
6KB

MD5
989d74df11d3ebcd6bef37ced19e6a15

SHA1
e3eed453c7739b2272d15432f553708566bf5272

SHA256
67942ffed0a864298e7ab9959963f03b2f74b7e2725402f04f307c44b4990f6c

SHA512
a1dca0e110b633f137c8b6f87f31a0f9b7eca2360035e78aedb58b5ea5e715cca9e21f18a4c400af7deef17aa34cb1becef09bcb5b8375707fbd78758581e45e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
7KB

MD5
96e37e6f80c9e8b0032599a6f17c7b1b

SHA1
4195e43961acbb700bfabd4518832df16bf2c9f6

SHA256
407020117043cdf202fe05f14a13a89572254fcdf66f08607ce2c60c38858a64

SHA512
9fca13a1e06cec956613b6e765852b6a62473d28d14b84bf421afc8a51f207cb8549a3774b25c806acb3fe438e709f67fb169dd646aa937b0b89bab9075218d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
6KB

MD5
459e78df708016beb3ab85840668fd23

SHA1
e64d38931b81bf8c12d3985fc4bc814e519ea319

SHA256
229350f18c42e9e37575743112ab1a4970e9040f801690fc7c888528d533a2ff

SHA512
619a81956b9bed045fe22ef3b6a1e44cbb397bc1a3e488aa41d760dc94572376c6aca3b4228c1e68f3db50a035f36ff7bcdea19e0333a13ee63fab6f13123cf9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
7KB

MD5
80ebfa183b32d49ff9d305c2d20499fe

SHA1
9e53c827b209859c9394d4e4860bafdb57a9d871

SHA256
3d1d1151882cfd41d141d52630dec8eafc66de0233731af91b8876756b71e7c3

SHA512
25d77fed4c5a07d29c8e75782761d6241c8436765c7d579c49521be86a16870c4965b01ffdb01f7826d52cc3fcb24f90bb356160fa0e52044aec57f8bef6318b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7d5a64f766eac159cad6cb70d907a379

SHA1
3442d862e67f4ecbabfd5985267fe2790f29f7b9

SHA256
a3abcf8b303bbfee9a3205e17bdec423a107972fa4e94442b09723522c49110b

SHA512
c1066683a7a3e1b97dff3bcabae5ec2bc3adcb392ffc6d003ee11d3a46043ba0766ff56355e50753e78ed8201dda4a1e74e23193e16c76bec4d727bfd941bee4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
95dcb6b32be98923dd8ef11f667cba44

SHA1
0bb7f39572d9610883ae506b3a26014cb873418d

SHA256
73eb3a3eeacbfaec2334e0ba47cc108c2b94b3b56d8c12010f58df61bf41ff7d

SHA512
5957d00fe8e5ec2f97b672b2d254f936df16e508f38d67cd9a254324bb3e5c59c747847c0b9c9afd2dc96397054893a497897a2e83fa96f6c67631aff7a637f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
5b3c59e11c3fd3f9c47df1879022b0ed

SHA1
d6561aca311d014f0edc0499201cdf2df7b965a3

SHA256
6834b9bb180c5ae14a1b7964a7173c8992dc68ff4134e2227f18510e495bc839

SHA512
7f3042e3fc9563b5a3b650b1ec57260db0954386aff62a22950661eef5793cf53edff5a81d758ce78d3b91a4fe5d9fd00e7dba93d29f55a7cc75deb897a808b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
9fdb3e1645ad9372c3bfd963cbe8f1d4

SHA1
64174ee01f3c9849440f7000e56ebadb8423d17a

SHA256
f08f2ec84ae55b643df1aafd6b93dda334471de1bd4157718cbe03e7e28373a3

SHA512
691c35131deb619380eb1238dcab6e613b304031cec12b05c56d8051bcc3d96660984c1a346f899fd7793fc89b9f4a98519947ebd6da8fe04e1aacea71c23c62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d2dc3c7502631dfacda95203bd6bc07e

SHA1
3036501b34f1c096516438716588d83ba18bba97

SHA256
1f40ca87096f783d1d6537b364d7d41fc467f5ae2794aebf72504f5f19db3861

SHA512
aa6fe586fb7a2edb3822449245fb3e98a15d328415d41a83a2a8a4f228fbf2e78f72c50103882636c2f288baa04f4a6e11844cdbe09cb78bbdcc4949250e5c49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
b8c981d8a6e98f10ce4a5df485494424

SHA1
65c81cba015d3dc4284060c5a64510613f09c0d7

SHA256
ecb313d753677d2edffb00c704b1800db3debf20eddf8358b4148578453a4ce7

SHA512
7f891e29eb30ed8901581f1f1b5bb61ea2aa9c676063513d8c2b419744ff9ddabdf6a9b48d88b807c33861b024a26ae77f25547a8f6240bccc5b8ac50b4372ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
8596082c6d6d4c6bb850062f18a325dd

SHA1
c9895ec4233f591458d8e7f54c21d7aefe729d3e

SHA256
3890e393a528cd83d461c2dbbbf6c070cd499237c761c7ec46399897d7382c8c

SHA512
7738b748e35df2dce047f6da9a09f8d6b12e9f9341d816fda300cac2ec1d0adfc070e4208722fece4c76c1a7f8863428d1f0f61e8dc49dc97093ba0aa76c4b31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
01841b8b92ab09b8016d1e15789e321c

SHA1
b296285e660008a5faa120378c5a27feee0ded13

SHA256
efc998931798a3f8064b33dde20a3c53edb536481b2dc19a294175820ebe9298

SHA512
81b73c464cb1bcaeb3d74f86e7247e7b4afd267844dd39aca0688f9a74e87f369e554a7a891424f561fc206fa64d24363b21f109b10e9c804f434f492c5546cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\targeting.snapshot.json

Filesize
3KB

MD5
25aa5c1d9d41502015cfa853798449a2

SHA1
b82af1f42fcc9b3f87c2b8e6ea5f8d8d6d5a8b68

SHA256
a4e5b6f662d5a5a71585592f3299d82200cd5b3c33ba32da230a37e252c8270e

SHA512
b90f29b261d007f7eb69e53cc0f5d03b57bac0316a21931c615ba3d811eca070ccca61ca2249144d55fff8546680820dd2c3e027ab7059a47861041573ddd88a

Download Submit