9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
122s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (18).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3960	triage - Copy (18).exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	224	firefox.exe
Token: SeDebugPrivilege	224	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3960	triage - Copy (18).exe
224	firefox.exe
224	firefox.exe
224	firefox.exe
224	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3960	triage - Copy (18).exe
224	firefox.exe
224	firefox.exe
224	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
224	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 224	2640	firefox.exe	89
PID 2640 wrote to memory of 224	2640	firefox.exe	89
PID 2640 wrote to memory of 224	2640	firefox.exe	89
PID 2640 wrote to memory of 224	2640	firefox.exe	89
PID 2640 wrote to memory of 224	2640	firefox.exe	89
PID 2640 wrote to memory of 224	2640	firefox.exe	89
PID 2640 wrote to memory of 224	2640	firefox.exe	89
PID 2640 wrote to memory of 224	2640	firefox.exe	89
PID 2640 wrote to memory of 224	2640	firefox.exe	89
PID 2640 wrote to memory of 224	2640	firefox.exe	89
PID 2640 wrote to memory of 224	2640	firefox.exe	89
PID 224 wrote to memory of 1352	224	firefox.exe	90
PID 224 wrote to memory of 1352	224	firefox.exe	90
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 3668	224	firefox.exe	91
PID 224 wrote to memory of 1992	224	firefox.exe	94
PID 224 wrote to memory of 1992	224	firefox.exe	94
PID 224 wrote to memory of 1992	224	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (18).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (18).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3960

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.0.1774865185\1295028001" -parentBuildID 20221007134813 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b398f18d-b0ac-41fb-9a38-858b6f535649} 224 "\\.\pipe\gecko-crash-server-pipe.224" 2024 13eb7fbf858 gpu
    3⤵
    PID:1352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.1.666275778\1636647871" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a519bf4-789a-4ef7-8fb4-f5d56d4b6ef6} 224 "\\.\pipe\gecko-crash-server-pipe.224" 2424 13eb7738e58 socket
    3⤵
    PID:3668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.2.1934036696\649294534" -childID 1 -isForBrowser -prefsHandle 1328 -prefMapHandle 2892 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a865eb44-dba2-48dd-8d4d-b912cf3535d6} 224 "\\.\pipe\gecko-crash-server-pipe.224" 3228 13ebbd93b58 tab
    3⤵
    PID:1992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.3.338362355\1187370206" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3596 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76bba6f9-0b81-41d5-9e9e-7ae64cc04410} 224 "\\.\pipe\gecko-crash-server-pipe.224" 3608 13eab369958 tab
    3⤵
    PID:4576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.4.884240536\412423616" -childID 3 -isForBrowser -prefsHandle 4176 -prefMapHandle 4188 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd184358-5c0f-4867-950b-810452e5d5a9} 224 "\\.\pipe\gecko-crash-server-pipe.224" 4372 13ebc38e658 tab
    3⤵
    PID:860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.5.273947610\1996739451" -childID 4 -isForBrowser -prefsHandle 5128 -prefMapHandle 4996 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16ad445a-0269-49ad-b08d-57bae821c7d1} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5144 13eab32ff58 tab
    3⤵
    PID:3568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.6.446536727\116266010" -childID 5 -isForBrowser -prefsHandle 5280 -prefMapHandle 5284 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c02afa9d-e0b3-4761-923e-855eb3a916c1} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5272 13ebcee0e58 tab
    3⤵
    PID:804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.7.758965004\1590751459" -childID 6 -isForBrowser -prefsHandle 5472 -prefMapHandle 5476 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fe2a4dd-9bd3-4d0b-acbb-daa87b52ec38} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5464 13ebee0fe58 tab
    3⤵
    PID:3736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.8.835172551\967172293" -childID 7 -isForBrowser -prefsHandle 5704 -prefMapHandle 5364 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fc8c82e-47e5-40d8-87c4-7a8684d10011} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5316 13ebf057158 tab
    3⤵
    PID:5220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.9.1477792853\117938084" -parentBuildID 20221007134813 -prefsHandle 6020 -prefMapHandle 5972 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ffd3af9-90cb-4c1c-babc-a9620a713fae} 224 "\\.\pipe\gecko-crash-server-pipe.224" 6012 13ebbd25c58 rdd
    3⤵
    PID:5272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.10.256235655\1015612656" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4852 -prefMapHandle 1688 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8734b15e-cf36-49e7-95cb-45b7e6da0ad7} 224 "\\.\pipe\gecko-crash-server-pipe.224" 6112 13ebf2ede58 utility
    3⤵
    PID:5308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.11.1293786002\1766077731" -childID 8 -isForBrowser -prefsHandle 4548 -prefMapHandle 4560 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64d08e00-7003-4147-9238-d685367a720d} 224 "\\.\pipe\gecko-crash-server-pipe.224" 4524 13ebf06e258 tab
    3⤵
    PID:5956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.12.1614795471\1622222117" -childID 9 -isForBrowser -prefsHandle 9560 -prefMapHandle 9564 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {046bef0d-8020-48aa-85e5-f67ea3d2c9de} 224 "\\.\pipe\gecko-crash-server-pipe.224" 9552 13ebf824358 tab
    3⤵
    PID:5340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.13.1072925558\1162959020" -childID 10 -isForBrowser -prefsHandle 5664 -prefMapHandle 5636 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67be6c6c-854d-478e-baa9-a672e02f6a25} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5624 13ec0017958 tab
    3⤵
    PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\1227

Filesize
9KB

MD5
8b38d1e8659f75b9826e33d8698c80f6

SHA1
c18bbacbf8aa48a65b229668791cbed604a441ef

SHA256
0b68ef15d8d344adf618496c50e94d3649312a429bafc0e74fe01ac6abcb07ac

SHA512
e562a94c65c2ae9259ea13401046b33dc08c75ce6de04616cd926c6f8212e663196b35c87734432692c76fa1aa8d9a3bb1cb3b25bfe9b03aeea1370421e6b767

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\15374

Filesize
8KB

MD5
d811ff243fe154c4c33f4d9c7d893227

SHA1
dd61a32308fb2890d62eb06e10767d8970206514

SHA256
d2776422eca9fd7dad90503879a12f32c9f4a9c98eb0ae3bd29905a5ebbb6a1b

SHA512
ebc723ef6831985d8e485c55436c85778eabe3f7b14415a4c5f0cd8daee108a3f297b91cc7c062a93d49515ef3c5530684b205f449ac6b0a4ed52487d1d9d84f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\16770

Filesize
9KB

MD5
afdd6d94909f439daebcefb9d4e97ac4

SHA1
4f8cdf60aa7eaf5708787a68419ab12ebd585ef4

SHA256
fea94688aca34a2d9345981b504bcdcc65cd34927c668f3656dd57274545cb30

SHA512
ff2b846df2434fac977fc01b55190847e9ebf3bff1efa95ee2327fe8a26547d25e0b4aa8fe61bc8e8cb595a186f28f79b1529682d1b81cd5d9144d0846810f79

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\19177

Filesize
8KB

MD5
571b959f0dd721ccdf1930fcfb8cfc6a

SHA1
4887cfbcf018d2b9e25bdcbb83f0cca114644a28

SHA256
c523f7a67978bbb5d3074110ccf7da14bd05d8a18d79b0c4d860a9d4872a085f

SHA512
d3fecf2255270d3fb53a5938b1c59b67af61b56ac54d86fa3154b361f2333710c327514e95d379c4fcb7e68ac87b00d6ae78b96088de9554ffb4a8ca0ad53854

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\25316

Filesize
9KB

MD5
97e763c536fc23da8cd863021c990672

SHA1
f303ff40edc7bb1b29dd0d449a285520e211b2b9

SHA256
ecb0c32399aefc548781e87ad303417d46d3f2a087f11fd0ab4725a0b310248a

SHA512
f7894c228ee71ade7d46f2ffad90612e24903ddf6c3e61e328c80cb2257d00e9d765b9a9f53376b6b2348dcf287e66ef298ae74f330cc7470c026dcf49f5a330

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\28934

Filesize
9KB

MD5
d448d121de5b352bcd3c16d9c0a76911

SHA1
57745389e5e32a135a6e8f154b0f650b37492972

SHA256
ba31962e2f6e217190815687a84f4c36e823748312332dec6e351b5f26ee6511

SHA512
55c7a2c4233ac82d55e1372ad612b0c989016a586cd21e395d91bfea0f55db7e31d0292a22d51400c5311cdbe108fcf225beaa3b8091d071bdf5b82ceefe6ef9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\5318

Filesize
9KB

MD5
fc408ff2b2671093f5f1bcccfb2b7236

SHA1
ad831bd47a761918b0df6d073daf530e4a0ca5b9

SHA256
4cf2c28123cc686159a699c74f5c7c50cbe21ab959f956f1c649f8bbb9126a98

SHA512
516c41cf4cb0478b35887a1d5b4c4d5945496bd5922ce2305daafc9796b4d0f778367444c67f46241df1e4403537e12fe35a19894749aa11c0b993a6352fb641

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
50c1ff521ccc03c8e34b8e9f8a17c903

SHA1
ffd3981fe29fdd64b51d85fa93b3856993dd006c

SHA256
193a6008a78de297c93cee48348372237b44911b1c437eb855cf806fda24a58d

SHA512
140cb11de09d572bae8d00a1949ac0e9e694b75aa3fa39642d3c0639cf8e1df4f71099ca886c91d6307534d7158a62ebeeb972b07662d69bf01c7132ca0137fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
4b769badb8bd2a0aecca589bc0c4723b

SHA1
53bf3c862f865d5bf44ec6b4e5529450f50939ff

SHA256
907eb312ca9a887ad3f39ad8a0ec4a60a725a23833f7822b2bf1b78c8f0d1cc0

SHA512
fedddd85a37ac953deca9e8137797f3645b5c872f823ce3679058ea104d59c5229879510cf9292143dc3b4066e33f6dce5feae587ee0d87c3dc4a98971aad02a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\pending_pings\d40466ef-6636-4194-b929-d0b12a268625

Filesize
734B

MD5
0b27e22e0fcf54ff313a2e5b9307ae31

SHA1
6cc5e06c9cf10ad0b64bf1294916257bb64426f9

SHA256
0f8f13717da343f23dfcecaf36fb827ac9e7a1f38011a15a8e1ce5f8a681a1ba

SHA512
dd44af1f14688da3a92c965d674ab85cf4cb4550b8a9a29197f961adc014d85260543fac7e3609c60ce1e67b57bab78749c300d8845094b53e27663ffaf0ff81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js

Filesize
6KB

MD5
1bf8c56974d2b0317057a315c6f63ce2

SHA1
0a2bf0f82c71364794c876ef92c806fda2b111d0

SHA256
b565c9af18eb4f1df692c1cc0f38542654d8862f70c5beaf360b2b5b50d7e753

SHA512
69769dc3711490617e5daf135fd606df509b096a001f762276bb3d4b77ac126f36cbf3b7913ba2a66bc00900d86aacda55a3529cc3beed0432173fff2be98df0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js

Filesize
6KB

MD5
f8a49820ea38d617c333e971210c24e0

SHA1
103474446763133f4f56df13f40ef4a1920bf0c1

SHA256
36421dd7e718ac835d2a2c4349d116c9e86531819a91dd837a72db484591cd4f

SHA512
ece6f31d514b5111a5f0f4d29d52ad6fb1aabb68281e6ecbe91d4e37459da445b2a2c624eabd97c6e0958b2cdc0aa3cc24ab574bb6090d2a0a8172387ffdac72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js

Filesize
7KB

MD5
9ba06b207509f1108100e75c45af759f

SHA1
3a6c5abd25cb0f26b2b4fe0a4def0f78a2e65300

SHA256
92e09f2ddb3bd139d713c1d5bb3077c58b4ac023fca8177094592bfd99040f8a

SHA512
d7a4031ab4c2c8271177c441043b2851f60bd406b2650365a35aabd93cfd5264b480f74efc7fdd7ecb5ea2faef5810e9f4fc1179df931b508c9e7c22677404c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
41c126e6b144a7fa5778f0f1dfc81c93

SHA1
a336e14771b7e03dcac86b56efc434a1857cdad3

SHA256
d0fe62f8276051f1ca615f27b6e83c7dcd71331dfd812595a4bfa2ebd6f8d741

SHA512
18989362e3c57b63a0a9dd7b9bfae3beb56f05537b091154789118dbf679b290913b4a92ed2bf543e78e491fd5d617898b187bc168605e8d948e87252e6f7bc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
a09ed2372778e49af30e506771a1db7d

SHA1
0c5c300971f07d1339f85e5ff06f210c60ee4cbf

SHA256
47ba9f8ad59d67ded7bc672ec75f2978cef701bd7a0f5bac25eafd4608645789

SHA512
a5d8b00af75aa8743fabe17e06a790053506232b616cb3b1efc7e4f4a7b548153eae010e8975829471a01fedaf8f064de830fa78c049e2f57fb44530113f8c84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d1def4e3d5232ed1f47c685783f49fee

SHA1
a65df4729f80bec1fc59530138cd32283d9fb50d

SHA256
a420be323b462fbc5644b77ae5ac527f0dbd05ba6f27a3f7dfd470f48602bea5

SHA512
eae21271a99186c85b2112124855ac8741e2d783f29068b15142cc166cf414f58bd34b138d8a33a2a9a3bd89ebe79b643a6867e1c8eba9b75980942832b08ba1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
2baa52873d6dfcd25f847a7ac5e0b234

SHA1
f6f9074b57d30c2ae6470dc5090e0b8b90d4bdcf

SHA256
5086b88e7703d73dcbca790300e5ce68b4fec29602ba8bde91830e370eb95b8b

SHA512
21fb9f84b1c095e9cefaa3b09d613a78cfdd691d3d80db53241c1cd33bca3a6ec49c61958a4fd36f91cfd969346e042907a5a9ccc35efae8f9e592fe5ff4c869

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
1636e9f73ac19bffc771bb2d13ef7949

SHA1
f50b315f0a8bffb7c737cedf13c04f928274e60f

SHA256
fa42f1bea01f18f9d806415158425f81cee122f3ff5f2b6d980de75265802598

SHA512
9e12c9da380bedb636ab64cacaefd91a11611e6d22ad116c29d876f8c9be41f319a5e4585dded76afa9e36f5ff3a1930f7901b81911d6353c75404790f2eb052

Download Submit