9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29-03-2024 01:48

240329-b8d7kaed2w 3

29-03-2024 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
582s
max time network
605s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (5).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1944	triage - Copy (5).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1612	firefox.exe
Token: SeDebugPrivilege	1612	firefox.exe
Token: SeDebugPrivilege	1612	firefox.exe
Token: SeDebugPrivilege	1612	firefox.exe
Token: SeDebugPrivilege	1612	firefox.exe
Token: SeDebugPrivilege	1612	firefox.exe
Token: SeDebugPrivilege	1612	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1944	triage - Copy (5).exe
1612	firefox.exe
1612	firefox.exe
1612	firefox.exe
1612	firefox.exe
1944	triage - Copy (5).exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
1944	triage - Copy (5).exe
1612	firefox.exe
1612	firefox.exe
1612	firefox.exe
1944	triage - Copy (5).exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1612	firefox.exe
1612	firefox.exe
1612	firefox.exe
1612	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 1612	1576	firefox.exe	91
PID 1576 wrote to memory of 1612	1576	firefox.exe	91
PID 1576 wrote to memory of 1612	1576	firefox.exe	91
PID 1576 wrote to memory of 1612	1576	firefox.exe	91
PID 1576 wrote to memory of 1612	1576	firefox.exe	91
PID 1576 wrote to memory of 1612	1576	firefox.exe	91
PID 1576 wrote to memory of 1612	1576	firefox.exe	91
PID 1576 wrote to memory of 1612	1576	firefox.exe	91
PID 1576 wrote to memory of 1612	1576	firefox.exe	91
PID 1576 wrote to memory of 1612	1576	firefox.exe	91
PID 1576 wrote to memory of 1612	1576	firefox.exe	91
PID 1612 wrote to memory of 2764	1612	firefox.exe	92
PID 1612 wrote to memory of 2764	1612	firefox.exe	92
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 3156	1612	firefox.exe	94
PID 1612 wrote to memory of 1104	1612	firefox.exe	96
PID 1612 wrote to memory of 1104	1612	firefox.exe	96
PID 1612 wrote to memory of 1104	1612	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (5).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (5).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1944

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.0.1927679418\204069680" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1824 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec682130-f062-4bef-925e-5587c20207ab} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 1948 1f483a83e58 gpu
    3⤵
    PID:2764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.1.746358321\2055464955" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b69fcfe5-3789-4c9d-8207-9d32c41301a9} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 2348 1f4f5e72258 socket
    3⤵
    - Checks processor information in registry
    PID:3156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.2.223950329\230980983" -childID 1 -isForBrowser -prefsHandle 3088 -prefMapHandle 2992 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b65b2f8-0b2f-481c-a503-439df67bd491} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 3200 1f48699be58 tab
    3⤵
    PID:1104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.3.770520731\66978218" -childID 2 -isForBrowser -prefsHandle 3432 -prefMapHandle 3160 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b112f2dd-acf3-44eb-b547-0a5c72fbeff1} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 1388 1f483e9e358 tab
    3⤵
    PID:3464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.4.929646267\1062552055" -childID 3 -isForBrowser -prefsHandle 3664 -prefMapHandle 3660 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {683feb82-e72b-43d9-a125-b9aefe1e0971} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 3676 1f48536f158 tab
    3⤵
    PID:3988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.5.623365360\1070209181" -childID 4 -isForBrowser -prefsHandle 4760 -prefMapHandle 2788 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74cf0bb0-0f0b-4316-ac18-63ab66385f8d} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 4844 1f486283558 tab
    3⤵
    PID:1408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.6.501712522\1279797527" -childID 5 -isForBrowser -prefsHandle 4776 -prefMapHandle 4772 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16e03e83-e1b2-41dc-866e-88c73518bdcf} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 4796 1f48893f558 tab
    3⤵
    PID:1592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.7.626534852\1835998314" -childID 6 -isForBrowser -prefsHandle 4956 -prefMapHandle 4976 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {528526f7-d103-43b2-9f6a-5849d671b8ff} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 5080 1f488940458 tab
    3⤵
    PID:1516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.8.339918461\1701410851" -childID 7 -isForBrowser -prefsHandle 5140 -prefMapHandle 5484 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0fad66a-8ae8-4fe2-924b-ad5704a8730f} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 5504 1f485076b58 tab
    3⤵
    PID:5396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.9.1144851303\89931182" -parentBuildID 20221007134813 -prefsHandle 5956 -prefMapHandle 5952 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {deb8f06c-ce02-4f60-872f-26e5ea52e314} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 5948 1f48692a058 rdd
    3⤵
    PID:5480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.10.601588060\1430508431" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6040 -prefMapHandle 5940 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7850c37a-e849-4a58-b1af-bc24ac88dfbd} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 6064 1f48a359258 utility
    3⤵
    PID:5564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.11.505648592\120961843" -childID 8 -isForBrowser -prefsHandle 3840 -prefMapHandle 3864 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e404aad5-3da1-4cf7-a385-5ce89f497c5c} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 5152 1f48a4eaa58 tab
    3⤵
    PID:5428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.12.1017626399\759959968" -childID 9 -isForBrowser -prefsHandle 6424 -prefMapHandle 6420 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19fad6c5-ce57-430d-a914-e00af807f1d3} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 3872 1f48a23d858 tab
    3⤵
    PID:5688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1612.13.1637016841\281100102" -childID 10 -isForBrowser -prefsHandle 5324 -prefMapHandle 5332 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e72927f3-2bf5-48cb-b947-3645dbf081c4} 1612 "\\.\pipe\gecko-crash-server-pipe.1612" 9368 1f4ffcfb758 tab
    3⤵
    PID:3508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\21831

Filesize
9KB

MD5
ee45e23ba75aa7c45e5bf4639083167f

SHA1
c08dabeee86e4df9112e6efe5edd9d7cf3c7880b

SHA256
725cb39e6df9747dcfb46d2031d63d07028bbcd9729fba2eb84dacfcdfac9873

SHA512
e0598fbdde48ac7a5aa96b83978b09f09a7822e379d1998f42848dfe04d2049883bc8911705c8efcefcaea307978cf4f1d2097c10b3ca3e221c5ed36aa434266

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\22074

Filesize
9KB

MD5
ab3d8f9c74851e0fde945a6544685db3

SHA1
b1768914013260cb0081288a6e953de5ae04b3da

SHA256
8736cef5c1b7d794b64d555b49405d2955f4c11c58cf0ac2caba573198559a90

SHA512
2b0bd22664d99b7d163a061c88d871f1cc3fdeb1f484dc2c2db1ab619324e2065c34d6ee1893c653bbfd815b9ed28f205e6420390dda0bf428c5ae3df5858ae1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\28271

Filesize
9KB

MD5
8e747b2e4dbdce797a92371b2a60b9b8

SHA1
fbd80c04dbb0a1b8f0a8902d9127ea58001a2bab

SHA256
fcf18cc9943868c99a222627cb11d3ae497703d1c6b57ac5e9248cc2ab6d650c

SHA512
58981d97b55c1d17b7d16872bf544119182a9e871cb2950adbb45e43098a1240fc9ebc34aedd857e9fdea21d2c469924ab63e2f50980952a4435f501e145ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\6064

Filesize
9KB

MD5
5879ff58b054c35f85245751b0c7b750

SHA1
187a0d0463152f324839ab7fbb903d9bfe7cc526

SHA256
be33b11078a3088ab54f40d7b40228eb7fffc448387df5bd0c93fe18061e2347

SHA512
8291faaea30f9fb8d87a3ab4fb48253b546323995f469e1fcc3c9b1eebfdf722e8d5faa381d79a15c3d81618b387d0694994eea17ce6f2232845989f67830b35

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\entries\D82ED10047F78B4F750CAA390C240BAAC50F3BAE

Filesize
10KB

MD5
97d3613c69430e78914655c253f0ed85

SHA1
6b69a60c77f60c08e32fe534150ffb343d171208

SHA256
16e99f89775bff4ac8c441c4029dcbca28eb6e590526f3162c7bd1f060dffee9

SHA512
6797f93c8f86378b6e48dc3292af6fe3745075fcdc7b5f6670e42c30af305f25f102c408cbbaf3c36170c97f98646b573a55e475aeb7d87d4ffda1982439ec86

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
4c5c83fdc83896030e5e1fafa8e2a650

SHA1
23e23b5f4b5e29e826ad8e359062b0aecb330e0d

SHA256
be1e1add70488c52145ed1179ace0e17c8be61a7997fa975e004eb00d7f5006f

SHA512
db912b2f6d0bc7fd69801fc5d476520e0ce8e7ee0ce125c1d9a9ce903253b00031b57af7ae269c12b8da7631e1394a87bd84e40422129a50c1ae5e8a386f813e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\thumbnails\d1e6238716441fddc7f6f03a56a3feb3.png

Filesize
10KB

MD5
b9af80be274c53590c8f239581465b2f

SHA1
09aa421c7816c322d89e79c8429f6c66075b9bb0

SHA256
f123180450d080ece6e034ba92e723b7cebebc94c51989b0f8de5ee66f8283da

SHA512
dc69288025969d91bc3b3b95e5cb3858094bc2c052e3fb8365ed7816e2b4b630f2f597eb53e67dec1792e37fdc03a91cbaa1b0a6442152ee18b1bfdec5a7130d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\thumbnails\d1e6238716441fddc7f6f03a56a3feb3.png

Filesize
7KB

MD5
cb0b1cc21c21a252c91ff3e2c142f427

SHA1
66fcbbfde395115089383265ed7c51e74a010a24

SHA256
a72692c366ac0e183054535bbee42dfdff751e41f0d36b2cb2746589d242e530

SHA512
273dccf14c1a69c1e05d23a9a862086e789dd103e093ceb6a7336049866c2902ea2fbbf73e96e7ff19f485ef65e99adb01bf26da1af353ace532320f19f5d72a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
59f48cfe5bdf361ca00a7e782658cca8

SHA1
b950532a1ba1f62aeba1ee59e299cb18c96cd618

SHA256
6b7a5d527a52f7b8913a044f20838afa9dca9e213dbcab62aca37ecd95a75795

SHA512
02e44202eaa8bcc3f69d04d87fbf1edca3f04d0de833dbb4bfe9af9e07e7e6a4e8a5dfb77d8f485415183ae637b575afa26e32d70c93d8583ec3b79d39edeaf1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
22978f9c51376402c725dbd13edd7405

SHA1
bc9786e43f7a889512a2ba3ed822af89075ff5fe

SHA256
d8d1e8fa23837cf647de5ee3574106118fcdc8ba34ce33ed935b10d6ed477094

SHA512
e1fcd2cf4b92e8c144d36ef4c47af72594ecab7a482411f10ae92c50e0a34d4d017d0c2118f412506f2c51b155319d2ce91da22dd881d5b179a176f2347c8eae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\pending_pings\c7048d5f-4c9d-435e-aed0-7a8f3706abdb

Filesize
734B

MD5
db03bffc45ddde6fc4dfdfc2406ef3e5

SHA1
8d51ff1b0346fb90ae5f0b5e98e251697f1cea3b

SHA256
6e06684476234bdd1d54feefd653b8ca3a7a0f67e4365cbd5174f6ea76efe614

SHA512
0f0b4cbf6d45a554fffde7ac07ff2482ae9cc0600123f53b95491f3cdaf7452ae1c55fab26b758c7f821c0d3c64fcba3ed27aa1d7f406a810ee30ff2c3b404dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\favicons.sqlite-wal

Filesize
352KB

MD5
c55c3820118f603b48adb9a99d0d358d

SHA1
1f622fca8ec047f2a9dff0484f5feef425f5dcec

SHA256
2ac984273c8e1a3d389d16d5fed53c00caab4b0154688fb755c671fbf93710d5

SHA512
88e5e32a1dd65a1dde31e16ffcf2ab71ccbd8c6df9baead0d48892daac442908e050836d8eea78037af1139671d6772b9a84ac3186377aea3454e9735774e936

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\places.sqlite

Filesize
5.0MB

MD5
a80f0cc72206a5cc4901b51f8b843a29

SHA1
426cf59aeed3d416015fd85f1c1b2a88b98a9b26

SHA256
a1adf1dc236271ae9e74fff6dd36a3d3b955639904c487d957e6671f2932b717

SHA512
50d6b406fd7f0861a2f3509d3cc759a67d548bba21a2bcd836c9a91b20957b633a9ad835cf19d1c198aaf50f064d224f5ed020208216348af3229fd5b122fa2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\places.sqlite-wal

Filesize
2.3MB

MD5
f563b6812598d344261004f41f212316

SHA1
236934a7f534163bc2ced4ab0b9efe8919c6a54c

SHA256
44d58f737b9aa8e0bc0d478fb5a9927e6c3e1aa1886930dadf638d9c73d2d801

SHA512
4568b556c45ab8c8ac8c749e4f2c47af5c9171f0b4122fd44b065b09c0505f8af2852208dba661105d4b5901d9746ba504fa5ec6a0bd28e74f8ba8f5e9039aaa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
7KB

MD5
4243d6e87783a3f31df6d8404c4db348

SHA1
31c3a83570f70968184970ed9152f8db84d0ba4c

SHA256
8586284448d6cb6776223532778b2a7f7805ba39e17d27ec21b58e7586e19956

SHA512
485ef1a22c6f267f8ad1176a29efe589d3bbfffbebbb988900a496df57cde142e783bed5f2787438908a89bbf27fd2434939ba40929fa10c8c65290847585536

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
7KB

MD5
c1265fc59c73675d8adc651114d962be

SHA1
af76d3c09458e9f32858166a742ed3a8645861de

SHA256
7057f59b782a43f11a1a4892c3689dccc4a29bb9c2fe563a41db6884f0d07cd9

SHA512
63eec7ed5902eeb2ad8ea7ec95e0f7c2885166914feeb346d805178899ee787e933ee054c8821d14aa19df7be0660e042f130812de9d8239f4bc59de77e7c2b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
6KB

MD5
ea33a102cf13b5704996b65a8b5dfd26

SHA1
dad9e9635fc00331d6e0cca70564d4e5dfccfcbd

SHA256
c0bce6a73b50e4e1a4a029d7c887279bb358395a7b742c8fc8f025f8a480c572

SHA512
0cf0c08183ece848f15922750b3d7cc15dbeefec5998b7e69acfe178b93f6cd3ad3de473b126c1c9720662b6ffab9145ca18a748206b9af38cc7cd78f13aff04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
7KB

MD5
8cde57f5d8af8ea6a9a0bde4aa5ff2d6

SHA1
e43f2c1e11ee2ea5086b873a72354ce144b57960

SHA256
16fd04641a00e84706cc707a477cba6aad8f03873750825800132218c048c861

SHA512
9b9620dfea43c77c9f4cb54f9ab3e9a0a164f75dd5f02f114368ff8bb601c7c544bbd8f9ee23d40cd60f1286d5ad66de633462d7e2ecb05bf77fbbc6bf9446f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
6KB

MD5
a05cd7f855bb3882e8541c5292c0d590

SHA1
d74c8ccd4fca62518d1ce23567741fa248a2fd30

SHA256
421cd393cb26adbb2f4a8d22cce075d57a9f6ed7c5bd175495a821b260e74737

SHA512
c37dd8d06ccd3e932645d94afef5aa756e45daf39c43253c1ae566b8fa2afe9f9f25d86e6d5cb890005f56d29d5cece23e0cd8403f8c3ab1732bbe926ecae292

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
16901cc92a32bf233e9a0343f1464cc4

SHA1
14aefc82516d0554b7d494cd2befa9b2d4b7cb1f

SHA256
1147803d2af04e8a68deef6e89c5a3178ba76d0e73430ddec960616350a7a3a8

SHA512
60adc2bad0dc5b2491cc5711eef98d07c53549c882709e169f13f823b7ea380406e648da1629b51698b13f6d825ac3c90d11e5236e1185b74e9df2eb29fc2ad3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
e81b5d8038d9eff424287b06db207fa4

SHA1
9ebb410417d6a9b30c2f22fdf39dee79f5853844

SHA256
677e045b9d7da0bd4da12e55845be7171115edce51bf1b62e3296dc5d2fb08cd

SHA512
264284850e10159df8327c5ff6c7a05d98be1d08cb32ec2e2fcb39eaf64cb99c2e6646e402194c16b0de4f78ab4371908e41e9c914db19c949f620b564f83fa8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d7bfe2a6038783c464e5c3493d2b23b8

SHA1
90fb4eae30129c4c422c7cd9c1a9a1c2aa61f817

SHA256
7b6f2f5d0e24a946db61ba45c6e12337a1c3c953863f731df75b721594566a4c

SHA512
672d50602931e7483fc28de7a7860c810f58b6cdeccd84442b3addb39a33e514e5e06129a501be8df56f7c5f5b7206dcb80f6e163e90e2c80bf49131e700cb21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
bff777b4325505cb4148a311d77adb81

SHA1
8c833b9ef28162b3eb78794c97ac5cfb690a222e

SHA256
9a863553e687bffc0fc91e8f40bf1702e637c95e1edb0f5ec4941c9fb823fd28

SHA512
5c032688755b6463153a554241e74edb4c850049d7bf84fad23544737ca8dce456c719bf42859fcf6b989cbf3eb795fa6db5bc6f3776f631d21eaa37576eea39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f5aa7cb1e94ef2fa62eed952786e5d6f

SHA1
767100a498e0aedadf23a977ac3e5d9534cc0447

SHA256
bb6aa95af689feb16a0bfa7b5abeae8a5a1fe5e13c9a2fb860c78b446972823a

SHA512
bb9bc80cb5dbcfa959d11cee0b360c0fc89d68d7c21cef482ca38e1fc8fa64f6f3e3e3ddce626813c73553407e1f08ca45995499a250dd0256d0e2c39c0f8c9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
c0c19fdeae6e6e5188ce49c0edae1356

SHA1
dd48929a0a43a8139e1fa88791bcb4d084900293

SHA256
7f17f7a661c5d8973f873a488950243ddaa4aa0a65922edbb53b3682ff937470

SHA512
f751b4eddb8d2053667f3a011bf963406c8d64878ad69ea6c0bb23babee6d2bbe70338cc0942670ef2c0e0bafce789248fa3de44b0b7eef84003052073b686b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
b64e1481ccef0959ebc63c37e8c5cf43

SHA1
2217d0f24b4e1747422038a5b24aed0ac53df6ec

SHA256
b341e31b4660447a5d0816f01fed00475617006ee9c0b1bead27e5df8655e9e9

SHA512
d505f7b9bd3e3bdbf9879f5bf1d7f5aa8dd80259d820ca591f7208aabaa27e55913c526042a4fa3c868b9d44853a9e6282d663d14861047f021838c25c01c74b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\targeting.snapshot.json

Filesize
3KB

MD5
e85cab9c2ca00d0f49893b3d931903aa

SHA1
36a240a491a31568c558f56c43a65070b800ce91

SHA256
56aaac134833b259ee074ee7ccc24a6802d22d877006be82168489fa8386b1b2

SHA512
6e2397a6ac1714d7d23ba7acf8a911029c3fc5d751215c0c7e79564694e0bf3e0d1ae1f712be397fc5dd6a750919b4e3d5ba9fc1252a018571068aad1f84a9c4

Download Submit