9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
133s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (17).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2720	triage - Copy (17).exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1620	firefox.exe
Token: SeDebugPrivilege	1620	firefox.exe
Token: SeDebugPrivilege	1620	firefox.exe
Token: SeDebugPrivilege	1620	firefox.exe
Token: SeDebugPrivilege	1620	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2720	triage - Copy (17).exe
1620	firefox.exe
1620	firefox.exe
1620	firefox.exe
1620	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2720	triage - Copy (17).exe
1620	firefox.exe
1620	firefox.exe
1620	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1620	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 1620	232	firefox.exe	98
PID 232 wrote to memory of 1620	232	firefox.exe	98
PID 232 wrote to memory of 1620	232	firefox.exe	98
PID 232 wrote to memory of 1620	232	firefox.exe	98
PID 232 wrote to memory of 1620	232	firefox.exe	98
PID 232 wrote to memory of 1620	232	firefox.exe	98
PID 232 wrote to memory of 1620	232	firefox.exe	98
PID 232 wrote to memory of 1620	232	firefox.exe	98
PID 232 wrote to memory of 1620	232	firefox.exe	98
PID 232 wrote to memory of 1620	232	firefox.exe	98
PID 232 wrote to memory of 1620	232	firefox.exe	98
PID 1620 wrote to memory of 1660	1620	firefox.exe	99
PID 1620 wrote to memory of 1660	1620	firefox.exe	99
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 4080	1620	firefox.exe	101
PID 1620 wrote to memory of 64	1620	firefox.exe	102
PID 1620 wrote to memory of 64	1620	firefox.exe	102
PID 1620 wrote to memory of 64	1620	firefox.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (17).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (17).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2720

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:232
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.0.1033352712\1205772142" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b060746b-b08f-4a00-a95e-1b90dd7394b1} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 1964 21bf68d5058 gpu
    3⤵
    PID:1660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.1.1150737538\1886791712" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8359df7b-f739-4bcd-a3c7-f6154086e6d0} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 2360 21bf623e858 socket
    3⤵
    PID:4080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.2.1491811039\651563962" -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 3008 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65755db2-4446-4970-8b10-7e27ef6d5e8c} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 3296 21bfa7d9f58 tab
    3⤵
    PID:64
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.3.737502079\1861348677" -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d0dc757-5c88-47c4-8f02-eaf2659ab8e8} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 3440 21bf8f1b858 tab
    3⤵
    PID:3484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.4.832804191\1284725706" -childID 3 -isForBrowser -prefsHandle 4400 -prefMapHandle 4396 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd9b0725-421f-4cc1-bf26-d45aa976edb4} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 4416 21bfc014f58 tab
    3⤵
    PID:1380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.5.1873045980\1033386884" -childID 4 -isForBrowser -prefsHandle 5076 -prefMapHandle 5072 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48c408ff-f52c-4f8c-9dad-95664e8fdf2c} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 5052 21bf8db3d58 tab
    3⤵
    PID:5204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.6.848258325\11975264" -childID 5 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73c51c5f-bf88-4f68-8dfa-e988223af8de} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 5252 21bfc911958 tab
    3⤵
    PID:5212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.7.1787864187\654201984" -childID 6 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {467e2573-6f9f-4bdb-8225-15c84cc7e972} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 5532 21bfd614458 tab
    3⤵
    PID:5220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.8.1700135627\1995537610" -childID 7 -isForBrowser -prefsHandle 5836 -prefMapHandle 5832 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44f1329a-acd8-4be1-8f0b-27f8fb760eef} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 5844 21bfa8f7b58 tab
    3⤵
    PID:5748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.9.2097327144\1967683729" -parentBuildID 20221007134813 -prefsHandle 4808 -prefMapHandle 4764 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47e259d3-878d-4be4-99be-97eb1e7ba364} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 5876 21be2b6d958 rdd
    3⤵
    PID:5196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.10.327252640\1575665627" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6124 -prefMapHandle 6120 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50af64ab-de52-4401-bac0-fe5e9c23836f} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 6152 21bfa7c2c58 utility
    3⤵
    PID:5264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.11.2033026067\1957449943" -childID 8 -isForBrowser -prefsHandle 4652 -prefMapHandle 3604 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0220eaf-d9ad-475f-aa8f-6e2899a47db5} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 4528 21bfc9b1f58 tab
    3⤵
    PID:5900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.12.486883331\956106500" -childID 9 -isForBrowser -prefsHandle 10400 -prefMapHandle 10404 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fde920d-b4f7-4721-aeed-e68926e118ff} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 6428 21bfe860558 tab
    3⤵
    PID:6016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.13.1994127165\1219286139" -childID 10 -isForBrowser -prefsHandle 5284 -prefMapHandle 9244 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {823af96c-b02d-47cc-abfe-25bc02485294} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 3604 21bfd91f358 tab
    3⤵
    PID:6856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:6616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\11449

Filesize
9KB

MD5
45a9341b7369fd8fa68a953585ff84ef

SHA1
afa4abb980321cb23b253a93c24df3783ff0824a

SHA256
b590f815dd73d7075804a1483d9496946a7fd2b2104c4418bb124707a3e7448e

SHA512
f0667ed545808f64bf760a3df6da4e3935ed708c676ee5058949916cd26e0d5979c564fff76d324cd1b86097c5c0a5a372baadfb80c0ee7e808fbacc6d2000a8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\12695

Filesize
8KB

MD5
f6dc49581f11c40c251fe50f7f7e1b30

SHA1
9720bd66297de6970cb7277f99a94e3bb7670f58

SHA256
6585d1a1437a733f159d730076600b64652c74393f7ec599b1102b00fd0bf026

SHA512
049ef7dc5053734957ba5705b5b5c7b16fa310c3f77562d75689668994ff3baa270715d2985d7479884613508489dc1dbb0fca3e8f6e221bec475bf741bdd4ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\1282

Filesize
8KB

MD5
8f946dadecdd8aacc7ef57a782163433

SHA1
aaf42e882b22b78840b777acde415c9c3392f8ed

SHA256
a6016121444ec7a6a5597def2129c885406778aa72905c8a5718d6800fd1567a

SHA512
f8e0bf81cc0641c040b010824efccc6d739dd7e6d5031c200be04db219717548f32af30f8db4d44b078d31b4194bb444eb25b4b8f9210a34d2263e74ae36300d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\17667

Filesize
8KB

MD5
d703531fe665f24956ab918442933db8

SHA1
69e68828613a47de7d70546711a923e29c6cec2f

SHA256
3fb59d6e7057e1799c65247dafdd4812f2e4577b2b9677d03e3d48fdc30df507

SHA512
6e0a3f30cc1a2dc7df6aa23af79ea61832e14a6aebf689414e7126c61e8c115b8b3b4513984ba3e01ffbbec53cf07aa92a1bc61cef5cc8a69e6157dfdb81491c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\18070

Filesize
8KB

MD5
7187c1f246127b770a673f78f70e81d2

SHA1
e47ac028017e10b86a3ae120fc7ba0802141c98b

SHA256
e2136c017cfc73b30aaea1ecbf3a566a9d93c9a04cd20259126fcbef2e4eefc0

SHA512
8462743006e716f7c1451e0f17b00986d925a8af14bca7095df833da7712a5a1050d8848561ee3d54a543282cdf760686b20d7c11036b961e8926520d6eb016c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\20023

Filesize
8KB

MD5
62dcedc6fea3b8e491f42ef434adaf98

SHA1
44ffc2b44073559332748a4e911fac9c4eefe240

SHA256
f87da105c9b5539e17651291ab24cac7c54b6fae7198d6e2c7c0c886329d54c8

SHA512
18ca70608e3c8b2b9b26247c7dcc16f62667a11a88e7f49b7afed38789618deec8102a87a76e130a8200961f32c0f4270e3575d87c27ff4e5067a61013b0df34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\23211

Filesize
8KB

MD5
6c3efff03f10810e9a75311d6f46b00e

SHA1
b23e5ecdca34153de755ca47f7f90e359df61426

SHA256
8b9611f97b3e7795d30e5c03f754c7c0e043c034478e04ba4d2214d2701d172f

SHA512
6084f29c85af7dc02bfe2c28d372a952db401fbf20e4432d8f1938cb9e9c2b62ddc49228ad1dd7115a92814d55e26e87c4d12f63d067d1554acecac897b9666c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\25340

Filesize
8KB

MD5
164b1ba6f899584b1158e75355b75a44

SHA1
7a57932117cb802f728e7bc359f9e6ef04eb9c58

SHA256
4c452580f28e31a7df00086d610f83dfd38e1832e61951b4d5f61302f58be23c

SHA512
17af600e2e1dfb8ed664f181e59768a5f8802a92cf927576b9154f45b76b0915c4ab59c82c69500b974a30e77e1042fd07ba68c1df75155529c8784c02f6d0fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\2616

Filesize
8KB

MD5
ec0d97326227147171d6e94505a60c21

SHA1
333d00b5853a1d48c962949358a77c616969fc9c

SHA256
942c85d2dd56e4ea240cc73e594c97e5077e2dd3d158e0d749d5cd58d8c87cbc

SHA512
30e7ada20e0893fba723f28280d6dd6fed5c740b73cb6de2b0895a03b54f55e0cae0ff4d8438b72615b126ed5f3dc65e51f1ec46a6fec90011a1889455118b96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\27812

Filesize
8KB

MD5
a178f89fa8a92ee9a7b4276ed1eb631d

SHA1
8809c7071944ba8d2e22130532c83d35f7322801

SHA256
b204fd7d9a781fb344786fd515c759036388e2239ba01eead715cbe268a02601

SHA512
01f1f6e281d293592db5bd195c87d88d275dc2998ee79f1818f519584adf620224571ff7f790a37b2e0a5ad853674c036bf908c938add9981ccda54fb5f4a991

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\29271

Filesize
8KB

MD5
663b548716445ee92212fc80ccd1a402

SHA1
4be506d12f64833c28c4223813715309c3b8744b

SHA256
38b5d3de0e23fbba5ff79b723e74ca1f5f499da3d377733572985867a57d6e05

SHA512
101ddde59240330f87875e120cf0147944d388ecc1cda68b0d17da7a58e502374fd503c6a616abbc79e96783324d3786235d81876d8b8dbb0737669eba4584d8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\430

Filesize
8KB

MD5
f8a186c97ebce95504d3f89aecf75008

SHA1
edadc06f8a904a713863f20b859578f9327e62ba

SHA256
9e1339898e12af657b593a8f9422d319cfec7b6beca3a37f8e3316846680d51c

SHA512
e1535590d1d1bf4ccd2fba9570c1b68e74b8a2f91196892723c1cecec609c3f55fa2125171f97ef1c8a1a5e25a13438ddd868cbcb67da750893aa5dd299769f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\9430

Filesize
8KB

MD5
b887f8fa247b9f2ed58710d4425a3572

SHA1
b31206840601daf065c1143f57dff9f80e8eee39

SHA256
f436543517875ecdf5c3d3e456ab6d6897d7790c5051777f83e85903f08641aa

SHA512
85c92e71955e83e0bd35edf475a11189ffc66b7808051b742b90343075b1b00dee23ccb07123c8a891b3e47840682230ad30777ffaca3db11e2e58f77380148e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\7D1CA9CCC9AFAA13114E2A028E023345CCB10BF1

Filesize
10KB

MD5
162f9b8df0a3a26bb75445caa37839db

SHA1
5b87015cfa860912983f9e9c1b400c74132a5dd1

SHA256
5528e24c2cab90cf50493f43226f470c36a5c3d25d1d94066a9ecc4f56713825

SHA512
f3b297dfc3db8aa05f619e714375d25e42afe53731b47b6b39907fe46f2323b8d2198069f1a83bef803e79c1892e08785fcd3b22102ae1ef53b3c5047a757b83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
141c659653159151b90aa969c288366c

SHA1
010358f00b7faffdfee689c6af78f1687031aca4

SHA256
43aa5bd5f8c277ba3b5293a402f35f76bb97ff069c6831751e39e1626af5cc33

SHA512
4567295be53b0a11822e9ce5277c391197b4417a161196d578d59de2cec87a173a63a38647d59d915d4ff8f6e4e33378431187467014b38fbeccf2ddea33f973

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
caed71eb6f90bcc9cfe163e5b8c66f90

SHA1
73b80b780906e051dd8a8cb2782b668649fa3efa

SHA256
74a04a6809d6296ec338ab1e9bd15013a61dcc650236ca188133875ce632a7e9

SHA512
1e0fa64e392bbd2f99049d3f793fcd4088ca9b663195d5323c9d8c5de60a438f9746d665e47c587fe4901b6e7746c0aca3b8d616671b62b061e8532c49739b03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\2f7f5db7-dcf5-4fac-8410-99808736ca88

Filesize
734B

MD5
6e617adf32459279b18d3ea7b054af02

SHA1
a18e575d8277e1c850252416d8672a84bc10d468

SHA256
11c43b91bb7b55ddd81056f9a267440f679f365e78f183d5354ebf11f513d3fc

SHA512
5194940ebca4e0879199cd321e66885d54132779dd9efa13ee64b7519fe7e6f9af277e1ee03c9508ca4a81c3b532ef2ae640732f53569160ebf716cbb0607519

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
bea4949db49a719496a2c11890508c97

SHA1
52d4363ce1bfb07e6bbda37fc575f7ee7b2565ca

SHA256
db8758bccb84fba4f91ce92887178870c5ca14457d97f3840ac180e655736db4

SHA512
5956936dd80d40214781694d567542e5055cfd16eee35207a7e81029057c6b753d38afa625f01e3cffc9e361fa23bb78ad7097125cc9b52bad790c1a9800cd34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
79be1e0400aa668ed83d1f41341c986f

SHA1
8d315a27ba1a46f8c8ac692e0823498d5a58ea17

SHA256
f6c2c72c5866e4794424dde869affe1dff10abe0dc4152812d746ecac027fdb8

SHA512
a62c36835a7e14704a9d26c4698c771771684bebfa7ab2dc3778f5c49a4e69ce9c6e92c1f52e5c3bc1b81e58f699886a6aa4740d35c3927fc8d991528aa7e2f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
5eed20389d97a259ab1932fc03f3d1db

SHA1
be9e29d57a73122410a3e5c5f7586804ab049a85

SHA256
317685695acffa5af21c162617b317f5cdc9ee8e4df2ca138df40700dd08fadf

SHA512
607d6bb34de5f6e5975f74a13855a85ea6be7c122bdb3f7a80e4b329e41cc7e1d2d06c43b5cdd90a78985811646ab837d8817c471334c37bb47d38ae44ded94b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
8e0a3c381d7e67c57384a02ae111ec01

SHA1
97a5d8861d4e7f800d7466bf37c21f7d094a3ed3

SHA256
bcb3b1833e05eb421158c9e3d3a8cb3c0df78308b143840179aa29373116adc9

SHA512
2cf21941b25b49abc0d5c535e88c4509ee9603db7ec0c2e54b8ac1699598bc41656241e8ce9f2e2bda80cfb007f58af3561fd027b0effb43708625dfc8a04da9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
42f68279fcd9cd2c084c313dbaeb62c0

SHA1
748843f3ed63760e1ae5337a9d1a11ccc4011b7f

SHA256
2d6a5b6b7d011a86ccb2d3a13fc683f704fe987bf67f0d1966bd23efec19f021

SHA512
f1b8a6130a1db8741698ce603ed48630555708dc344793eff3637ec0376992ffd69079ce48421adf2a39319a5946dccdd76a3c059e833603fea8d2c26eeec3bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
efcb89d6b5af4b13f7621e905745f4e0

SHA1
ebf5962d586e35e476db021b20cf518de2e779d5

SHA256
757ddfe62ee1e14a82e6971dc1df359efb29ebba3dad1c1fd2ad2a8a44157d82

SHA512
b0597c67442ed098460196f3c8b4bff0a9541b004a1c68a3a1c98e46b866276c881b92372c6b9935498524fc6c595bd1a4f47ae2566212af31800222461468a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
0b40636d91ddb858e89b206f942c3d1b

SHA1
6aec30b09687312a0ab3ce2fb43a4aa6e1a3be88

SHA256
e864d40bb623210b387af8aa7bd5a3d415c86ee58c1cb3a32a41309ad5faa8b8

SHA512
635f67e94512c34887d2aeb86715021e3dece3f00ccec55e06bd18f4f5067c1970a8c0fe64a29c3e2f82becb876fb45cbc3018933c8bcab1988276a4249aea76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
b46f2613756f2f72fae2b2008c5c2796

SHA1
c9fc05021a167e7676bb61aa3d150584971d674a

SHA256
d6132db29266aafbbb3bb9e346a0c2b53a5969797da921efe5fe9f9d6c2dd744

SHA512
c56f66d6130f093692f4efcc222898044d63f1cee57cab43beb7ecd352bcf88751356d51b0a337d7fc8d67e30825655063f8e96c0762fd0f1eca72e40fc254b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
86b8c58a3898f2b990899f77a8556cd3

SHA1
d494c62ee59b798cbd043603f7566dbe713c3675

SHA256
fe0c1583f4e16a5c74149d52a880e64659464541c509c7ba53fd01c0dddaf111

SHA512
d96adfd2dd5acfd021ed1bd0567fd4d9bff2c3346ca0fe5f3c91cf88ba32bb909fa984780a2d6a671eb0bea0c0e42d81b40b0c3c7afdd9bce729617c2bc85914

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
029f7c3026c002e0c130dfbcdd4cb688

SHA1
b42c89c347f29647be7972220419d733c000170b

SHA256
13ba7770766b012bc8267cd086516f3b74dc6bc9129713fdb760f49b655eb04c

SHA512
90c21577db26cd9e9416bcfd1efdc6b191c7f3b1291b42826d28bb21433e310bb542b54523c3da4ddf589c6651026d7f2d20c639e49cd9f2adfad1dc4a8212dc

Download Submit