9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
132s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (25).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1800	triage - Copy (25).exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1800	triage - Copy (25).exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
1800	triage - Copy (25).exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4792	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 4792	4196	firefox.exe	90
PID 4196 wrote to memory of 4792	4196	firefox.exe	90
PID 4196 wrote to memory of 4792	4196	firefox.exe	90
PID 4196 wrote to memory of 4792	4196	firefox.exe	90
PID 4196 wrote to memory of 4792	4196	firefox.exe	90
PID 4196 wrote to memory of 4792	4196	firefox.exe	90
PID 4196 wrote to memory of 4792	4196	firefox.exe	90
PID 4196 wrote to memory of 4792	4196	firefox.exe	90
PID 4196 wrote to memory of 4792	4196	firefox.exe	90
PID 4196 wrote to memory of 4792	4196	firefox.exe	90
PID 4196 wrote to memory of 4792	4196	firefox.exe	90
PID 4792 wrote to memory of 4872	4792	firefox.exe	91
PID 4792 wrote to memory of 4872	4792	firefox.exe	91
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 3088	4792	firefox.exe	92
PID 4792 wrote to memory of 4236	4792	firefox.exe	93
PID 4792 wrote to memory of 4236	4792	firefox.exe	93
PID 4792 wrote to memory of 4236	4792	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (25).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (25).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1800

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.0.853470677\879008877" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f32090ff-3bfe-467e-967c-855514f4bba8} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 1984 21e347d1b58 gpu
    3⤵
    PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.1.1290805481\1875689601" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c877eba5-49bc-41a6-b11f-4aeba24f081e} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 2384 21e343e4458 socket
    3⤵
    PID:3088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.2.2114368238\344997736" -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3148 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2535f824-85c8-43b1-a7a4-153e0a4cdbea} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 3124 21e385a0658 tab
    3⤵
    PID:4236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.3.328079465\2106769846" -childID 2 -isForBrowser -prefsHandle 1176 -prefMapHandle 1772 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22b58a99-6f03-478b-9b33-9364cf94ae21} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 2528 21e27c72b58 tab
    3⤵
    PID:3240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.4.1647866889\1743440630" -childID 3 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99854884-5b19-400f-9345-db1c346888bb} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 3676 21e27c6b158 tab
    3⤵
    PID:208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.5.25734906\127831815" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4936 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f12df066-d132-480b-a0e7-6de13656ee7e} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 4952 21e3a972658 tab
    3⤵
    PID:4736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.6.384024450\1492142853" -childID 5 -isForBrowser -prefsHandle 4964 -prefMapHandle 4960 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee60b969-351d-44ad-b7ec-d28a3d2f3b27} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5052 21e3a9c2e58 tab
    3⤵
    PID:4848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.7.2111550221\1234635219" -childID 6 -isForBrowser -prefsHandle 3912 -prefMapHandle 5004 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28d6e27f-4134-44ff-9fb7-c95f2a6af368} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5188 21e3ac64c58 tab
    3⤵
    PID:1660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.8.1986485097\1129867360" -childID 7 -isForBrowser -prefsHandle 3772 -prefMapHandle 5756 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {266d8610-d2c7-4255-b54f-7effcf59973b} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5768 21e35666258 tab
    3⤵
    PID:316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.9.834804520\477551736" -childID 8 -isForBrowser -prefsHandle 5696 -prefMapHandle 5444 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae82eb23-ca2d-438a-a486-2680cdc0e884} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5748 21e3ab98658 tab
    3⤵
    PID:1740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.10.1022871\1299864626" -childID 9 -isForBrowser -prefsHandle 6040 -prefMapHandle 6036 -prefsLen 26550 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6047211-3d5e-477a-bdb4-344898fea1ec} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 6020 21e36e3f958 tab
    3⤵
    PID:5216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.11.673129357\311883792" -parentBuildID 20221007134813 -prefsHandle 5976 -prefMapHandle 5980 -prefsLen 26659 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f2b1529-afbd-4dae-b97b-7466f3859eb6} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 6172 21e36ecca58 rdd
    3⤵
    PID:5264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.12.28025185\1226063457" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6324 -prefMapHandle 6320 -prefsLen 26834 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d58b0a9f-d7e9-4614-a0dc-516095644c39} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 6332 21e3bcf3458 utility
    3⤵
    PID:5288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.13.2044216270\395793697" -childID 10 -isForBrowser -prefsHandle 5392 -prefMapHandle 5196 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a9973c9-1a4c-4ec6-a605-6a03f51ceb66} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5184 21e3bcf4658 tab
    3⤵
    PID:3964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\cache2\doomed\19184

Filesize
9KB

MD5
c32a9dc6fff7246e98ee34b512d4966f

SHA1
eebaa37e39425ded28c5d89c36682840c794efc3

SHA256
bca6f2f734b88d3ccde18be845fe275472b295116ba6202d8661ebf93cff430b

SHA512
f7e597cc75b82c52b40ef1c92ae0d7cc0b470b4600d296b6299e524852a10e66bfb8f6a69970e8ae210d9c40e1377d51422832026701efff2252670526f96ee2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\cache2\doomed\27145

Filesize
12KB

MD5
223e6e71b5ac705cf317691a554db44c

SHA1
2defb6c8b042db6ab2b96d78c9e1e06b21445d02

SHA256
5f7ba27d1df1a1692e6cf014feee14c707854c8a256ff16f968745cb10e13237

SHA512
562a0146c5eb94b224c05f8133fc9aa7c5a869526c89f76320b39db191f554f4cfb531247c3b07cc6705aa34da65e83eb1884a105075ac61cc5dd17a6cf32611

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\cache2\doomed\28416

Filesize
8KB

MD5
36a193e0398fe2586a5c06ed6a0e9ac3

SHA1
18ba270f236e556940743316c71c540ef24d10ff

SHA256
6048f308a60ff3662e5f706dab0b7badeba1b353d76cb122219cf46ac9422e7f

SHA512
35d511666f88be642fbb02cb321c9f93372d48040d58c8a93e392535918401cccb2e1e690e52d4bab3a7cea893eea8401bb21807601a63278786e26579d86917

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\cache2\doomed\32011

Filesize
23KB

MD5
58cee5f0ed3e128154eafca4e32825fd

SHA1
4927c38dd297bc091c11ecd5f5ed3fc393b9bc14

SHA256
a3dd2b3ded283faa92bfbb0e1ed02a2179e762e2dc672ea4bee4ce58c1ef8f5c

SHA512
a14311d4d2f58f6a18cb529e93f7762f7e0f516aef05c38c57a43304af57d74f7be8580db65cca769d4db972d5ec65f9257e8cabe0d8bf05c76c25a5f6bb7858

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\cache2\entries\07F5049BAAC219B7CC8E5D0D7BC3FE00CFC59628

Filesize
8.1MB

MD5
48ab9063d99cff142085cc330acc539c

SHA1
1f0c083416bb8027f4ac449a384af5133ec34952

SHA256
23633e94c3e357d64b9734a1e9eb052a8eb43495eb45b42cd8d6def4d848c4af

SHA512
37a44da2b0db78ed6ad92d995e835847f805c57fdc1e8e0dd7e8c48c2fedf6f953a74dd10b7794eb3e6689513894ff9122a96d5bbb53eff01191b16b9aedefae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\cache2\entries\7FEF50EB1C89E58D7202896295BED2C7C56D1C99

Filesize
443KB

MD5
60645c8884a43ca6c63635bc9b4d2779

SHA1
ccb18eb68e912b12dfe0a8e052b60ca064131bc3

SHA256
3cd4a9e988ac97be70cf85a4242b8d372e2507d5382b9780b242476203119e43

SHA512
21c5cddd5999cf0a8967b1f2ea94c60e2949653b4c5a2eebe3248754b22cbd817c56a24f877f904ffdaebfc25d8a353be1a1447aaaa7bc542c6fec9af9b3ddf7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\cache2\entries\D82ED10047F78B4F750CAA390C240BAAC50F3BAE

Filesize
10KB

MD5
97a6a7fd49ed04c5577b98b95ebd3750

SHA1
16ce660d032d1f2944336671dcf5fe7e8450f848

SHA256
e81c9aae2eea81fafff2acdd4021b107684855fc661fe49a60f9b34ca8b156a2

SHA512
d278a136aff656608b28d04a126205be01cccbe1d62fc0a622291a0cfda7d4d13e592e33907ed22953148022033eca1bb0e180bd996f8a9866a04286d3efc02d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
1dd1d681e583367fd5e7552d065df1e9

SHA1
4efdfd2603f5476393722c705cb19488b38d19e5

SHA256
c7fbeed0524a98dc3a17be51e25d8a41b850cd52c4bf90af91dec03a1e62f180

SHA512
d2df1225bf6cdb24e6d38ad29707090bdf5749ed70e813eef95d610d5adec907c26c11ca17a5225560e083c24cf9c7f33884ede152894009ccdfc98306132682

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\db\data.safe.bin

Filesize
3KB

MD5
e6d7ce859310db237fa5f01521e7e90b

SHA1
4d8ce7c05273bf4da4e1e82e710ad670f719e9d8

SHA256
be6bf789ee616b00d62cdecf64ffc3c71600e63db236829b10676e142222fa38

SHA512
fa0632a872f76c15caf7b592975f4faca6359a2ca8accdb73560a583f696438997f8460fc876fb0e23c7c3035280a950b7c5c95488d97e5ce3cbe2b547ed75f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
8dbc0640c54d6536ab28cb13081f46e4

SHA1
ce6d1ebc78ceb9c7b14ac6ba92abb8b5cafcea59

SHA256
89d45a308591480b89d4d4b85c3e9e1750037d2b4bb3d4f346d793a752c9ed49

SHA512
9905cd895471fe7572d03022dadfb3764b55e2d356ffcc42e29b45ac79f59845619cd1835d149eff5e5f710d0a010e63d464ffe8a683120dfd0596aae1f2d7b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\pending_pings\137b628a-bd8a-4303-b17e-c2a8dc703b21

Filesize
746B

MD5
dd842eab4243e65649e591b667e6b1c6

SHA1
ff603880b3d507078edb6fcab9c7b13844c4a148

SHA256
1fd4f4682abee043eaa80f15f4a741f83918ef3c500f65cc772fb36fed16264a

SHA512
f635689acd58ae7f422ae64b5f8e3e983394c98e10634ee405b995486ba2e43585a11c56720eaa0dc5d78ccfa475d450f4d81bb3ed54378e3ec11f690a8f1ce6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\pending_pings\362ae8fc-c933-4af7-8deb-aaeb9d2158ec

Filesize
11KB

MD5
3638144f651b3d80e0bd7d9ee0f7493d

SHA1
3969c1e2f05e40262e10a7be3fbe7276a9b548cb

SHA256
787f228478391cfbb4fec4b11d749f245c14adb7868840356a47f6031eaa8a55

SHA512
024001351c9058dd3af4fbc588bf85ee52edfc7a9060d1afc79ae68fbab1d89f1668ab7248af24cbf545a9ed7a87c1f46d5a8d5ea5bb79b85cdaf607b60a619b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\prefs-1.js

Filesize
6KB

MD5
bcff56f256eb81c4665b66b10b58f741

SHA1
82974b71adf6e51aac08a37454249169a164dbcf

SHA256
1d950d6fd593ee9e97d24dc21c40eee6e375e35529e61192631a101cc98818ea

SHA512
27527dd0b7de7fc44e15db9841d9177e30d7c3046c316a82bb1189bf2a84a936b950716aa84011ec37305313edd2a55c90e43c940bfa2246340b45495a496b09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\prefs-1.js

Filesize
6KB

MD5
f1e90c2e58389aeaf79d42aac21f7d62

SHA1
b9970b961b66a4bb416859c3694734357ceb4af0

SHA256
a039941465a38066004e8aea152114c0f03ed62caf92c72fc644f1c45a0db3b0

SHA512
c29202ae472f2ddda32555efc6a4ae2b8570bb6a31562f7a51e833ccfecc206935fd1d4bed40c4bf5df9da9b2bf0077fe30c2f26fc8135e6a76b70f004fb1448

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\prefs-1.js

Filesize
7KB

MD5
8177d491469070ad4b7eab6a6f9dbc15

SHA1
117f62a58a5ff033af4ece9e44e638e6fc3ec207

SHA256
2d396f40b6992401750f5624d27c79c9ecba1c9b16d6513edf06f7cede067b9c

SHA512
20819ad9161325056991b7743197902a724caee6017dd32365a583052bb7762461533b8cf62ea29167298d51e92e253fd790988ca85146fda5378f780951ec69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
48a30a049ec1e6dd09620611e24da473

SHA1
0cbe2cbe7412fcf1cc2882339755f50e0b4286ad

SHA256
f7a4328c3db73522fd22dda14ce9d39847e932b1bd43ea5eda4de6a707a3c9d0

SHA512
2dd38c509c0a165569e0b8128cd6fcab4fd596b5715cd687b347b2a7fdc4dc41d8201d82a261e6d9e03ec5de2f92e9b0a0e69d249b08a3ac18fccd6c668af091

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
8515e9026aa03bf5d9d2498a4944503c

SHA1
42777c53acf8e3060c4b95fa61f8fd0f95200ee1

SHA256
f26cc47f3228aece58830dffa72b7f6f14a49cbe8e15dcf0ff1e9a0175426b35

SHA512
b87fbbec7d0f6fca3b8595f15ed5b06b14a85b49a8bed4cba87aeef9293c4ad2839d0e800a0c5048625ac6bd23f6dececa1dd2ebd654ee263a16a3fae792eb08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
bfca12dad2932331ab6b179d6a713a72

SHA1
1a16ffa71f5e61a2998e673f35f9b8da8fec5994

SHA256
d74caef84c7cfd0c700a2d3fefc8c4c545f3ea0d6a9ef1d43eab0224a87c02ad

SHA512
270c0af0f9a3de19d6c2ac6f0a4b7ad8a561d67f43cd2d8bf03d4a542bfcf9ea5ae14dd11e2997049d0a490a8e480d15695212e9f65ff66024508924a9249195

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
3c1faaabed67f0406dc6e311bf7bf45e

SHA1
0c58d21f0c8e82887fcd6d867bb63e5697bb00b4

SHA256
4286553f1d09fa76cc6102d8fd4e4a4d3b614e98dda39003a0bb7a70251ed484

SHA512
54e881cee25d575cfd54f0d4523ca48aaf7e748823d9684e59ed307b6e97695e0de58303a07f24de285388d7758a52aa45db040373ae67ddcd622b4438e686df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
f204aaaeb6103575976ede2cb0a021d8

SHA1
7e6bcd9db61cf2a2e5d0e18d19a1ee985767783f

SHA256
9961c0fd49f9292c66e4b1f54b0a5c73508982e25917ea32600b98ac7dfb95cc

SHA512
aa99fa645162efe3e5a23c1f6b658a20854c1febd0657f6151a48a39b8e6b15dbe8a54bf845183b125fb6a0baf5be273b405380c2739c991927004e329a93889

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
01b0f17b8287a300c2b0d17a0282b838

SHA1
bc9157a5f757cd24062cf49feb7cebf421147e28

SHA256
53427af8575a9c751c4bfb917d9098f7c13f348f1f9fcd8a17d7c2e72bf07335

SHA512
4adfa1032404d414cd38c2ff40332e1a146ab487d6c8711e8e7cb6d75265a2cf0adfd3e596bfaeb8d3e64e8b5d8520ca5c68337a1abc85e8603831603b90a3fd

Download Submit