9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
125s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (20).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2580	triage - Copy (20).exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	5068	firefox.exe
Token: SeDebugPrivilege	5068	firefox.exe
Token: SeDebugPrivilege	5068	firefox.exe
Token: SeDebugPrivilege	5068	firefox.exe
Token: SeDebugPrivilege	5068	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2580	triage - Copy (20).exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2580	triage - Copy (20).exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 5068	3472	firefox.exe	94
PID 3472 wrote to memory of 5068	3472	firefox.exe	94
PID 3472 wrote to memory of 5068	3472	firefox.exe	94
PID 3472 wrote to memory of 5068	3472	firefox.exe	94
PID 3472 wrote to memory of 5068	3472	firefox.exe	94
PID 3472 wrote to memory of 5068	3472	firefox.exe	94
PID 3472 wrote to memory of 5068	3472	firefox.exe	94
PID 3472 wrote to memory of 5068	3472	firefox.exe	94
PID 3472 wrote to memory of 5068	3472	firefox.exe	94
PID 3472 wrote to memory of 5068	3472	firefox.exe	94
PID 3472 wrote to memory of 5068	3472	firefox.exe	94
PID 5068 wrote to memory of 4964	5068	firefox.exe	95
PID 5068 wrote to memory of 4964	5068	firefox.exe	95
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 2744	5068	firefox.exe	96
PID 5068 wrote to memory of 3924	5068	firefox.exe	97
PID 5068 wrote to memory of 3924	5068	firefox.exe	97
PID 5068 wrote to memory of 3924	5068	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (20).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (20).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.0.732972296\1709564069" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d89ed5d-a681-4da9-b5a5-c67d71c599b1} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 1944 22dffbc9558 gpu
    3⤵
    PID:4964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.1.160361308\1075212240" -parentBuildID 20221007134813 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e8fd0bc-0776-442a-9161-53293e896e01} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 2344 22dff541e58 socket
    3⤵
    PID:2744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.2.1661624488\1625993545" -childID 1 -isForBrowser -prefsHandle 3128 -prefMapHandle 2972 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6801c037-f406-49e1-beb3-3762daa28e4c} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 3136 22d8649c058 tab
    3⤵
    PID:3924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.3.1505068782\239178580" -childID 2 -isForBrowser -prefsHandle 1132 -prefMapHandle 1116 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c5f3483-671c-43cc-9661-9e34e7f6199f} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 3572 22d8649bd58 tab
    3⤵
    PID:640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.4.2109201608\815267590" -childID 3 -isForBrowser -prefsHandle 4024 -prefMapHandle 4020 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5e4b8a6-26a1-4879-bf69-0b24668cadd6} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 3992 22d876ca058 tab
    3⤵
    PID:912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.5.1721643165\1751205445" -childID 4 -isForBrowser -prefsHandle 4992 -prefMapHandle 5016 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {947c5320-ff94-4f2b-9e8f-ffcd05ce5890} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 5128 22d86458158 tab
    3⤵
    PID:2944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.6.1202939920\1040141190" -childID 5 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {033dd1de-b075-4588-bb29-573108ce8d45} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 5264 22d86459358 tab
    3⤵
    PID:916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.7.1827031091\1838108746" -childID 6 -isForBrowser -prefsHandle 5480 -prefMapHandle 5484 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {066bd150-bb88-492e-804f-abc4b4b90f35} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 5472 22d86459c58 tab
    3⤵
    PID:2060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.8.1100574801\835842171" -parentBuildID 20221007134813 -prefsHandle 5848 -prefMapHandle 5844 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdb206c4-a165-4cfe-aceb-4cf3704e0fe5} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 5856 22d89babe58 rdd
    3⤵
    PID:5532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.9.135597463\274391597" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5972 -prefMapHandle 5876 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b64f0a4-f555-46bd-b8d5-e2ad52f4232a} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 5980 22d89c78b58 utility
    3⤵
    PID:5556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.10.2006891977\1421605415" -childID 7 -isForBrowser -prefsHandle 2848 -prefMapHandle 2844 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {174cfca9-a1f4-4802-9099-130f1aa51d56} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 2820 22d89c7a058 tab
    3⤵
    PID:5712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.11.1251321257\1783137414" -childID 8 -isForBrowser -prefsHandle 10104 -prefMapHandle 10108 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bede70f-98fd-43fb-a0a5-ec8c89abb759} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 10092 22d8a77ee58 tab
    3⤵
    PID:4572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.12.226150151\1122916036" -childID 9 -isForBrowser -prefsHandle 9968 -prefMapHandle 9964 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9aa584c4-448c-4b6c-a774-20dfc8cb7d33} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 9976 22d8a77f458 tab
    3⤵
    PID:4988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.13.1183951900\1698814978" -childID 10 -isForBrowser -prefsHandle 5380 -prefMapHandle 5396 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85fc4e57-78a9-49b8-8943-867d44fe61fb} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 5356 22d8a8e4958 tab
    3⤵
    PID:1056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\12463

Filesize
8KB

MD5
16162a8b29d2f90e7e113d7415ba6df8

SHA1
356a997a08fa7cdd7619929d3b620e50e86f7ad3

SHA256
e9fdcfcc43314abbfd8c75a7c4869ef0445bfde8e8daced25982d6b424f80fcb

SHA512
04558e2a49ff33f674dd496e44bdd151c3bead231a4b62f9581afd14181d4159873f210d66d65fd56f944585cc4f25ed0782607170b24b4812a95ca35ea965e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\18746

Filesize
8KB

MD5
f540a5b9c5fa6f56740ca777ea86de74

SHA1
1f4f61fab8ad1d177b959eaf49f26278a44f8099

SHA256
14b28dad6fefa1db80cb414057b81eda7702e914496702e5ffa430374dd5ec44

SHA512
e49444012d4d07a6e33f4a793abfc3ad0e7a9bf063d7b114665a10726171f61f6cb004e65e731bf9b7ddf8b88b8009a8384171387f8a54435dec7a4a6770f212

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\18855

Filesize
9KB

MD5
7da7bfc7f20f54f7231ecbf3b3b221a9

SHA1
90112958ee496b3e9b99f60d5d52093f21bdd346

SHA256
500f37a233b2ee371b8f48be5d8ff2234ea2df4c691228ad25ef3a24050311cf

SHA512
e1f8447286428180ac5dd02fad2ba0a501706dd70b800b39a4645fc207ee378b4b17963f8bfad62ae2561c3146bb3a1642269e34bad98ee405d5c069c14b4ab2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\19752

Filesize
9KB

MD5
b25d9bd6e2db52733be9bd48928fae80

SHA1
344a0ef80b31c1ad0af1aa1b4b5f156622138759

SHA256
c35c7ac056270f8ef10e8e21f6b61bd8efd2f173fdfaa03a58598476af03c6f9

SHA512
8f0a18b32e378bd48f1b942bafb6dd42123ccd08754c0aa1128a375d0fe480241ac4f3b1dff5b0cb60e75c963ac62d43b0d08e5bf664f59577669c71e7b300be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
ad9d2e7852bdb545d82b7490f89c5659

SHA1
2429be0d60618c7b867ca2d4a3a4a5eb87faf722

SHA256
058a1248d4eddd9607587b4e3e25e99573f2a1d37978f272cea174f99dba717d

SHA512
2d62f0f7737afd61d60a12f2082af3d48c1555463c2c2d1b7a886b21ae28d6d29731864d31faece7f8c08a005619050844f62257680ebf56a68e43f2ace10aa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ce543c48c7c630bc9872c1e4727d3a20

SHA1
b9f2b18897aa7a019fe2ebce55e9f8070a6a27ec

SHA256
ad38db1ca045d90e2799afe1b08991ed5ff02d7232e2ed58c681c55ec7e4b350

SHA512
b450aafcabd7760859f3d1ae1e7a33932b7c8bb568fb3e23c072dbc3fd058bcc6f61ee907a2a2eb70853b12e7c67fa0d4c3268fb9e481041805ebcfb0c6cd500

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\pending_pings\973ffce1-495a-40c1-9d14-b312adb9fec4

Filesize
10KB

MD5
79d51dc0597bdedce449026419e72136

SHA1
c4265d0ccb0714bb3cf972176799c11247ce99ac

SHA256
d355399a5b8f02ebb10d9ca908f80d3db57e15ad256dcdcf90382cee11953aff

SHA512
c1fda54029960ee57bd948159dd82777b9df02866c387587fb9d3594f1f4f298b187ced0e3a8b5fd7b6292b03bb3b6e21c7afbc7124a07d81e1e56046517a842

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\pending_pings\c6b1c3e5-49bf-4643-b7a9-c5e9c8b3b0ac

Filesize
746B

MD5
fe664725c94f135d6e747bfcfdf85cfc

SHA1
9c8385d271efaaad53e304b45a418fa6c25438fe

SHA256
d8c85ed4b0d93fa920a4a446a8fe565f944f0778bd1f7434b39b12fa174338c5

SHA512
71400cf99e9b98d5c3b1f88b45aa02bcd35f7ecc219adf8538b38cf6d521ffefc57ff84a47d8a4d8953cad22f5bf0f8559771392cff622ecf9f6ec63364e8df7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
6KB

MD5
680f50c68a1c191b29dc7c84a4e93965

SHA1
7762fe61d11d17b6644fccdbdf2a94b2afb2f77b

SHA256
c5d68b809019fca98a14ca87de48dbe31a8117fef4e4589b245589a777cf9468

SHA512
0c9681bbe2f419d7035ab282b4ace5b29f4b6f0aeeb9e1052fae54bcf7f27b27c9a3079c55d810add19ba9f304a71c313f6de8df3decd67875d83414b1a581fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
7KB

MD5
1f2e4eef4de9344d726afd1079b93b05

SHA1
49f135d80815d0eb409bb41becdb484730fefc5c

SHA256
a93a013d6bed8b87322d2c37ad5da2e388950fb8f90734cc6edf57f68d645611

SHA512
dcb0ba68fea72356836f3c6302ec4ec79e715a076dd18c08d684ffaf4c8224d4e1b39943bc276b74bd3ab9fca3126bb737b4e292e0ccb038b16ab9f15995cd37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
6KB

MD5
5503dc8862454791c580d8876289b199

SHA1
ac1c21253d4b78fbb8f79329a3714c1bcc615220

SHA256
4bc9c461efc340d825175db052211ffaee51e7f45f67b767fb5d3e07fcc3a027

SHA512
b6d05b6e291539138c86e028edb52338c5a16fa9e3e9d58a37930692fa5d3c29102c1c880b6dfb252a5d28eb3666a9bfaff12f4ed8b1214f607ce345245deb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs.js

Filesize
6KB

MD5
64386659d1c4f68de04e2980205ae1fd

SHA1
b3a25456b67cd6555219854fc7a15c3336936596

SHA256
75b4d76f31f4281acbac18eb10b692e6f4322c68dc8785f4020a7921cdc06a38

SHA512
33c83de0b252beca6facdb9fa9b4aa898c289478a6b8113e551ce807f971949436d74538b107e23e5a43d9c386fa035f4a24e1dcfea88e59d3b64b5f46f237a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
0494441a031a310312556995d1de5eee

SHA1
3ef2285c9d1c2c970b450613259a8f53a8685f26

SHA256
18e9fe5e20f7e933cb3d3fbddb6e267f251dcb0b65ed9af82962115b76cc9dc8

SHA512
cb932b6078a100fce6ce23aee1902cfaee15ac079f5f5645c0f46965e1fac1adbca01d687cee857482aa535f7193463f7614814a6d6e0ca81c0b45f70b936bba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
f1cb4ff7b54ab49e108abc8e71533d56

SHA1
a9023365f230bf9303301b28081751c541556b86

SHA256
14ef104b6afa09535b999a65d1af2c90191cbaed4175faf8572cf81c7bf63b35

SHA512
f821eb87fe91b6f84f76f7ccc862bddb2452e17e018c840becd9eac6caf713c8688a094acaae6da0517aff0b8df9f6fe9108c90f1873315321d32bd8a84302a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
2b39cfd283373154354e5e824e95a42b

SHA1
4537133bdda5916f30b671daf80c5fc666f471ee

SHA256
002f546dd8001d74b271d1a8d3ee26af082055720927bb975032e97cd6ad9182

SHA512
d2a16a618da214d348b798ba64ee6d4cc1458c506c5bd823b037af53f135785af38602f444aae16074d97a4cb8de0e212fe2ad42e3b15f21ee8d5393ac8bba38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
85bb6baf974b0070f492b1a6b2aa49ac

SHA1
e88ed53861ea87d4eb834340135a35857b9009eb

SHA256
4e1a132d08f393b7373ecaef3c08478b4f4dbf835f88fb99b8e4bdad1ac3bd1b

SHA512
4343a1f28b5ab75cbb52a902963426c0ec91001e2731bfd51d835e43be9c9f8a9cc8f904fb74de92682e502f6bc28f96e11a59740d0eba4c31d0bcfdc102bc45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
567b06e22800eced6e71ed6e57dfe9a2

SHA1
4dd152af9292d5894373745d51709de8ca64f4f8

SHA256
2666487c554ff894fcb62187d473d206500d3279d4e2008c8251ec3d96719187

SHA512
87c222d5d3400fa503c4ac6de80af4807f1dbae93e2c2244bf4ab0e080429d575f0b867684f8610e92774a02bc43a33df42ecbb0eb867aba818fdc0f73379ba6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
c6e83da0555ad644d6a9067948a2ea97

SHA1
6fdf5d8f4c7005eb6895cd9a52bb3f3acc1ba542

SHA256
31cb8bfec34e5cb2831c667337748a2d8009f578e2f013f9506385e43745dba8

SHA512
aa82f783a115c07d35dc907824712a19eb1734ddc6ccee9f253eb55adadbb2902b9a224a4f59b1a254a09278c5df5ad1207c9eedde80a50df1ceb7047ac2697f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e9f4117a1a48089fe77198b5238ced78

SHA1
807bbdbabf018c425381113ff2058c8de6d202e0

SHA256
9f71a56ca0ff97fa0dcc402343dd6166815559d10dd22748027a046407cfd8e1

SHA512
bf9137dc085635fcb719a785a8cc87b3431a64521b2456cb69312738fc29f097543bae8d82fc18affa244708699f4b3f1527eed78ce6e31fac2b5435625d4184

Download Submit