9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
158s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (15).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4948	triage - Copy (15).exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4728	firefox.exe
Token: SeDebugPrivilege	4728	firefox.exe
Token: SeDebugPrivilege	4728	firefox.exe
Token: SeDebugPrivilege	4728	firefox.exe
Token: SeDebugPrivilege	4728	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4948	triage - Copy (15).exe
4728	firefox.exe
4728	firefox.exe
4728	firefox.exe
4728	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
4948	triage - Copy (15).exe
4728	firefox.exe
4728	firefox.exe
4728	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4728	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 4728	2072	firefox.exe	93
PID 2072 wrote to memory of 4728	2072	firefox.exe	93
PID 2072 wrote to memory of 4728	2072	firefox.exe	93
PID 2072 wrote to memory of 4728	2072	firefox.exe	93
PID 2072 wrote to memory of 4728	2072	firefox.exe	93
PID 2072 wrote to memory of 4728	2072	firefox.exe	93
PID 2072 wrote to memory of 4728	2072	firefox.exe	93
PID 2072 wrote to memory of 4728	2072	firefox.exe	93
PID 2072 wrote to memory of 4728	2072	firefox.exe	93
PID 2072 wrote to memory of 4728	2072	firefox.exe	93
PID 2072 wrote to memory of 4728	2072	firefox.exe	93
PID 4728 wrote to memory of 3200	4728	firefox.exe	94
PID 4728 wrote to memory of 3200	4728	firefox.exe	94
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2012	4728	firefox.exe	95
PID 4728 wrote to memory of 2748	4728	firefox.exe	96
PID 4728 wrote to memory of 2748	4728	firefox.exe	96
PID 4728 wrote to memory of 2748	4728	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (15).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (15).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4948

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.0.1215853192\1074312072" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9cd840b-b1d6-49e0-b59b-6beccc4f6069} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 1960 2df378f8e58 gpu
    3⤵
    PID:3200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.1.1799412790\1240361765" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f16f18c-b835-4665-9ff9-d4edba4af7ce} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 2360 2df37430858 socket
    3⤵
    PID:2012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.2.73811855\482993442" -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 2800 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03795c44-ab74-47a3-b8da-4aa349e96272} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 3012 2df3ba0cc58 tab
    3⤵
    PID:2748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.3.1467540219\688896704" -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7212ceb-f572-42ad-8b25-a50cabd2da35} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 3088 2df2b065158 tab
    3⤵
    PID:1156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.4.1768611161\579274480" -childID 3 -isForBrowser -prefsHandle 4460 -prefMapHandle 4456 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4033df6b-715e-4078-84e9-54f00c01ce49} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 4372 2df3cce6b58 tab
    3⤵
    PID:2160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.5.28110503\2142620240" -childID 4 -isForBrowser -prefsHandle 5192 -prefMapHandle 5188 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84fa3c94-3f3b-47df-811a-51207b7a1791} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 5200 2df3bf96d58 tab
    3⤵
    PID:3876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.6.833443332\636731080" -childID 5 -isForBrowser -prefsHandle 5348 -prefMapHandle 5352 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e562bcaf-4dab-4633-a131-0cb7b2eb361a} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 5340 2df3dbcb558 tab
    3⤵
    PID:4428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.7.791989197\1728238440" -childID 6 -isForBrowser -prefsHandle 5536 -prefMapHandle 5540 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74c3fea8-13be-407f-82eb-3cb787fef5a4} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 5528 2df3e073558 tab
    3⤵
    PID:4444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.8.1241773489\1185501178" -childID 7 -isForBrowser -prefsHandle 3308 -prefMapHandle 2824 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15954c84-13ff-4254-8867-f33458619277} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 2820 2df3a252758 tab
    3⤵
    PID:5296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.9.1248451201\993086995" -childID 8 -isForBrowser -prefsHandle 4272 -prefMapHandle 4536 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9366f437-d3a7-4efb-bcd2-43c4196720ba} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 4548 2df3ce69858 tab
    3⤵
    PID:5824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.10.879570826\1208352599" -parentBuildID 20221007134813 -prefsHandle 5884 -prefMapHandle 5880 -prefsLen 26285 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01d3c688-f2d3-4adb-a5d4-57575bfadd68} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 6032 2df3d853958 rdd
    3⤵
    PID:6060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.11.10217070\589366429" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5560 -prefMapHandle 5976 -prefsLen 26285 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc156334-4998-4d7c-a736-56a5e3ee9b11} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 6056 2df3d854e58 utility
    3⤵
    PID:6072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.12.1233739248\1450391501" -childID 9 -isForBrowser -prefsHandle 6508 -prefMapHandle 6504 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b03c7ee-1c7f-4bb6-b2ef-1cd232857349} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 6516 2df3f105f58 tab
    3⤵
    PID:5412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.13.1355824697\943374738" -childID 10 -isForBrowser -prefsHandle 5552 -prefMapHandle 5684 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {881a1be4-7227-4ab7-9276-23c33519b1c5} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 5696 2df3fb86e58 tab
    3⤵
    PID:4280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\25914

Filesize
8KB

MD5
46f4e2ef9205dc23c9b6e81ddf8a44f2

SHA1
fb8a4456e2b8effbd81d2b93d879b6e589dfa496

SHA256
a0cdae0e2169feca06d3720453e434525844167858ad945473ec9b4938bd9f93

SHA512
26e7968e349dc942b85f46aac4581cac5f0f17676d6a51a2184a7b0d1db7b14011f674670b23248969cf8e36f05857207c386e26ff4686b6aa87ac443d455660

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\3291

Filesize
8KB

MD5
784f9564edc66be3077f12095dc39a08

SHA1
441250131d4e0435aab1d88e4fc545267f36ac33

SHA256
41f14a1299e498072c098c005c9dd9e7f0a54980ef1a67ed7b97222ae9888125

SHA512
2855cc31735d625b1a96f3e2724278d551abb00c9ff3d7317c0691e991a2b1039818e657582d4303171ed2a3da8b4f2caa39ec7cf4b0f0674061cfa976a282b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\4103

Filesize
9KB

MD5
5a36593d860411e1327e449b89447535

SHA1
299de39ae3ce45996af3b519a9486aae57ffd0b9

SHA256
2a392de1fb4a8acf7b26ef8ba501eedea94a51751994485bbd30f3c6dadd8d13

SHA512
1fa7081eb9119349e1ad899e9f9c0ccc040bb932394666b7e8f82ca6d06f930b21e8146bd667aa22bc0ff3569c09186cba45725823fc061117fb1c71e289e4f0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\4201

Filesize
8KB

MD5
30a5d70e863041da99ae8ff0099b2c14

SHA1
3e4a202531f66b39b72e72853114dc2e70132e52

SHA256
1101ff509181f93ea57c2bf0eee929ed7a8a1f506ba14819cf65c025929d6659

SHA512
dad591317db3deda203d7f181e826e86ade87c5c050dc95315993527521133f4bca4d717c7bae96886ea2cb44d580af24e202f571e4194b0fa2407cc4e2c2ee9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\4526

Filesize
8KB

MD5
137bbaac0e1e8ef44f72f20085caca8b

SHA1
e06d05d7517f880e7d54d8c36e78a06aa6cc8bcc

SHA256
e23a6bb9a9e29e5453ff0ef60bdebb9ac3046dccbde03d4e2b9e74a888445e9a

SHA512
859e9da74c6c031c08505206adbd0a84d8a32f51f92c5a3af330b6f562521837887f920a86e7d32cac05d6984a0708e6fd2aa990b65676bafa4023dbe1c6a215

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\doomed\7123

Filesize
23KB

MD5
b5791f5ecc5148887f2963101a0d6589

SHA1
23a93adbeb53b54872071cff08115020fb5e06a6

SHA256
fb04e7a9880e9ea4dbb9d055d36adc934aa167e895b551d0b7af32973b40dbde

SHA512
2dc3809d988f3b57811cca31ec01f1c4b343510e8c9ff0cd8be72b97377826e66791341f17e9d8730774cf0d146380280136f4d46bd0f7afcea8d3f4980a860a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\entries\D82ED10047F78B4F750CAA390C240BAAC50F3BAE

Filesize
10KB

MD5
172b91f53404f26ead83fd70e7aad75a

SHA1
01ea1edc230924266c21a27ff0ed86a76675c56f

SHA256
4fde76080cc71973f37d0c081fcba657e48d02103f2697d5437345c80533a53b

SHA512
2f2040184f6a2787246d496838482032459c0059a1e9a6f97f55c321d88e1d5845c7452d57f05d6e1531dac4ece8e50d7caeb1b45ecffc38f383f1f6baeb7006

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
c2d04e683676dfb48a21069e5c7760b5

SHA1
595491b9d18a81a5b485090d6b1795761f2876be

SHA256
09082d8a9b316fc8022c0908396879f8a2cc2463a9442a2d45733fd8c8f23dd2

SHA512
3dd7463d2fcc2ee5e3c4160653003577fb480cc47ba2a35c093e2a6f6d58ebf26dc1fb28b8007c4d60c7191295a0f84088d11983aa17dbe2ec45f9b813cd0416

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
c00701235a317dceef5cff5c664898e1

SHA1
3c85ada1f8c6a1a45342508f3aecf301e429b259

SHA256
33d3017f6c3dbe3545f51a1d5d693bde421c31fbf1d4fc7d8f6277441203cf43

SHA512
e2e5350eaa9583d6681f8ba71ab625a250c53060488f4ef1c98ddb90676f177721f2bac79e84e7d9fb096169db69597a58bea84fd22faa7f2ee9a85cb3e4ab59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\pending_pings\38188478-1eac-4a2f-909f-07038dae2401

Filesize
734B

MD5
59c9e702821293a87a49277c45194c37

SHA1
580bb7934b3fe0c2c67beac0d4a21b3b5b17abb0

SHA256
3f13c6723faa1396c972f36c34114f4e253e79e95b01713d25be720dca277e3e

SHA512
486e47fe9bb8bdba0739e06c3675212d632346763943004b0f33c49d0d07a7077c044ea08daec558ca320b8be72a1ba49aaa46a7d772aed2f9992444815f19d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
6KB

MD5
80e1e8c4617f84b569f047b3972b5dd4

SHA1
11549a13bf16d8e51429ad480da60293f9f0d7ad

SHA256
5170ded8d5f74a54af0b6d31382dbc36f417215848e12ec2aef131f1584fe0b8

SHA512
6575e4403863c435f2a6287532f3ab4a26e46168ff233e00ea20d4a191098c0849e7a24f4c53ecfcd76c679abdebf17928dc24ecb972c2aa66cf4b7c4f0ca020

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
7KB

MD5
c6d425559a835548996fdfa799f5cc9c

SHA1
18ddd58ed8c55569ca76ef733884c80441bb3297

SHA256
89ab4141c916c633221a1bb98896b6b8eb008fc9d438d44ad23225860c0b7933

SHA512
1bfba94234a12bc789daeb0980e6427799263ba055321a37e02e19fd798873f984e453577bba88c14000a7fee31a636a7cf065bb62c6217f83ed99eeb8c9e67b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
6KB

MD5
d47dade1edc969ac3efd44c03d08bf82

SHA1
3aa85ea88628be0bceafdf9c7f76e244465b13ed

SHA256
b06d7558d996ccc9472dfe70df1ee1a495609a5722abc38fdd4800b70c5f128f

SHA512
1891ffa46e600d734ed43dcabd34869b3dd223b80497c2c15d75b9fdcfe25a38a9d0bdadb3e3127f6b8d1623835275ec2977140d762a7419521b6ba9619e9448

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
fc65692dede36d698ea521836d1f1cf5

SHA1
3e869ad6921c59ac5ff87edd05d282bf1ee2832a

SHA256
263e9a4e8ae79edb975b1bac44d0ff4f842395aa13650a8f998f0024c66a9871

SHA512
f21a0d86884f933dffecceb461c21e984528a9e71ee28b25fe22381d296d498f5b4a42c22fdf41d133833ef09c61e724668b6d63ead64607979591db559b64ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
fbe48259a8069632ad4923800a2ecfc5

SHA1
4325076fb01f157dd3898c29886c8b8169fd1c16

SHA256
84a41ab993677b0a3a0a450ef7f47d2bb1995603dad76c59150935772c3c244f

SHA512
cda9ab48e255f62e68e823bd3d4d5ec68c5fe42a8f8c2da72afe587100b6a6caeb001745e3427cbe7ad28ad01a17b347e34971b481feb8440d4ac0d2d4393cf7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
5e1df1144380089b7ec48dbc47bc5cd5

SHA1
160f9e4ed88f34a49ed872f71685805eb0058b41

SHA256
0636bce562fa114be3f43df0dd142a42388103de2d931139758a61cd5f166885

SHA512
06fa66247668f4218e74b3b19dae0807cbcd536ed2822c42682b881df04b071fcc40bb415e1b2280907fed881d1cc5168976ca970f0366f25e59d00c50d1aa2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
20c5c0a1e5b13ec63bc0a8e6580d7ac7

SHA1
00456c92b8737c2be5f8d35c5bae41fbf07b0396

SHA256
93316bd328965f08907040645c2f769e719942cb69f39389d3973d7f97106d74

SHA512
751b4948777fdc8017c9fab80032ef5714b4fc3d5905bd5988b9236f6c27ab2e6559afa07012ced785f11a385c60111c609dca11ad61c75a425d6a3e644f656f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
83be73dd4dc614208550de7d0000b386

SHA1
f1d21d92c14924af3153a6992acb00ae14c9949d

SHA256
3742a32ccb356dafc78b7b24a631fbd748bbefa161aae24b88aa56e75663a792

SHA512
fec504e1461de1f80e290f3ed03c9d8f8d3af8cedfea11cacb83945298eac567e71d4d5d3a13f787adf878061869e8fbd9f80fbfe5756087ae01a08028404b0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
8146beb27403823a59bd8328b16509a3

SHA1
bf4ad5a61d5c2f26ea14ac8d0c1215862f31ac02

SHA256
e7621df1d7d8aa26af11dbce1fba15bb44dbe9d87ee58931a4c869543c80f1d3

SHA512
6908aa573159a2c2eaf48cfaee19aea79e2a28b93f88e253e894e226660c4f5af653aa5b7ceb2b1d92e7d5a33bf802bbf21b9991f97454090bb908bff1744dbb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
079127c842937f5e4a9782316bc0c820

SHA1
c68ca1d7e234a137c5d94b07b5f2692714e54f53

SHA256
b29da824d8a49534aa1791348605f6c7a2b67aae4f582806f51a33183c198e5b

SHA512
4881457517344b2d71d91d9b09e1266b06f9b1e093a5df3ffb00d3084f2bf06af3050152386d6777006ce8867ab408705dc6e0cd04efcedb68c82cc7c31783fd

Download Submit