9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
395s
max time network
399s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (29).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5116	triage - Copy (29).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	3780	firefox.exe
Token: SeDebugPrivilege	3780	firefox.exe
Token: SeDebugPrivilege	3780	firefox.exe
Token: SeDebugPrivilege	3780	firefox.exe
Token: SeDebugPrivilege	3780	firefox.exe
Token: SeDebugPrivilege	3780	firefox.exe
Token: SeDebugPrivilege	3780	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
5116	triage - Copy (29).exe
3780	firefox.exe
3780	firefox.exe
3780	firefox.exe
3780	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
5116	triage - Copy (29).exe
3780	firefox.exe
3780	firefox.exe
3780	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3780	firefox.exe
3780	firefox.exe
3780	firefox.exe
3780	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 3780	4012	firefox.exe	91
PID 4012 wrote to memory of 3780	4012	firefox.exe	91
PID 4012 wrote to memory of 3780	4012	firefox.exe	91
PID 4012 wrote to memory of 3780	4012	firefox.exe	91
PID 4012 wrote to memory of 3780	4012	firefox.exe	91
PID 4012 wrote to memory of 3780	4012	firefox.exe	91
PID 4012 wrote to memory of 3780	4012	firefox.exe	91
PID 4012 wrote to memory of 3780	4012	firefox.exe	91
PID 4012 wrote to memory of 3780	4012	firefox.exe	91
PID 4012 wrote to memory of 3780	4012	firefox.exe	91
PID 4012 wrote to memory of 3780	4012	firefox.exe	91
PID 3780 wrote to memory of 2412	3780	firefox.exe	92
PID 3780 wrote to memory of 2412	3780	firefox.exe	92
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 4872	3780	firefox.exe	93
PID 3780 wrote to memory of 3788	3780	firefox.exe	94
PID 3780 wrote to memory of 3788	3780	firefox.exe	94
PID 3780 wrote to memory of 3788	3780	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (29).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (29).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.0.1198748374\536624025" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d67c99d2-0a9d-4629-87e4-b3e329872987} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 1980 23ebcdd3158 gpu
    3⤵
    PID:2412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.1.1017082571\270113275" -parentBuildID 20221007134813 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdb9d3d0-207f-479a-a447-00a7d5f38a8b} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 2388 23ea9072858 socket
    3⤵
    PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.2.575736444\1687732294" -childID 1 -isForBrowser -prefsHandle 3156 -prefMapHandle 3152 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf970d7f-b85e-4937-a7a8-e8a16a98941f} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 3144 23ebcd5ae58 tab
    3⤵
    PID:3788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.3.1279002770\666639425" -childID 2 -isForBrowser -prefsHandle 3312 -prefMapHandle 3408 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e2740c1-5d5a-4943-8ce9-9f2214ab8c62} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 3596 23ea9069058 tab
    3⤵
    PID:4380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.4.1254141040\1505129171" -childID 3 -isForBrowser -prefsHandle 4236 -prefMapHandle 4232 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c4c167f-7b72-4084-8bf3-57a971833fd8} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 4224 23ec1ef5c58 tab
    3⤵
    PID:1008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.5.1475477833\438826489" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 5084 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55c26a28-5ccd-4220-b7df-b7e2e5771b73} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 5040 23ec2ea7d58 tab
    3⤵
    PID:1520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.6.2078124305\1328326083" -childID 5 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14856235-5e75-41a5-9a14-913318a25bd2} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 5304 23ec2ea8c58 tab
    3⤵
    PID:1708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.7.1242224292\692844019" -childID 6 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8957c951-ff97-4c35-ba4e-7cebb3ad9824} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 5420 23ec2ea7158 tab
    3⤵
    PID:3928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.8.243061986\1218946816" -childID 7 -isForBrowser -prefsHandle 5792 -prefMapHandle 5788 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baa0a54c-1908-4dfd-8c99-d853c2a854f6} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 5800 23ec4648758 tab
    3⤵
    PID:5572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.9.1511622303\1481092384" -parentBuildID 20221007134813 -prefsHandle 5972 -prefMapHandle 2836 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76c6651f-2132-4198-8d20-6b36707f6643} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 5816 23ec462f558 rdd
    3⤵
    PID:5644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.10.37129556\771497404" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6044 -prefMapHandle 6040 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97223969-6365-48bf-9758-d1b522197edf} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 6056 23ec4630a58 utility
    3⤵
    PID:5684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.11.1538889751\889360019" -childID 8 -isForBrowser -prefsHandle 10084 -prefMapHandle 10088 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd0ccbd1-ddf1-4cec-9a32-53910895f677} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 10076 23ec4a0df58 tab
    3⤵
    PID:5320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.12.1045950107\933256293" -childID 9 -isForBrowser -prefsHandle 9940 -prefMapHandle 9936 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {517fe66a-0370-4336-b8f2-da67bf39b52f} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 9948 23ebf5ee258 tab
    3⤵
    PID:5332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.13.468278691\2042993749" -childID 10 -isForBrowser -prefsHandle 5532 -prefMapHandle 5544 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d3731a4-850b-46db-a72c-c4c86007d376} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 5416 23ec48bb258 tab
    3⤵
    PID:1956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.14.1246871094\1237487719" -childID 11 -isForBrowser -prefsHandle 9996 -prefMapHandle 9980 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab9192cf-b474-4933-b43c-7e2ebf38f51b} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 10008 23ec2dbb758 tab
    3⤵
    PID:1968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.15.1784934281\1117510425" -childID 12 -isForBrowser -prefsHandle 9404 -prefMapHandle 4872 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b752e442-cc95-47a5-99d9-70663d0bda95} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 9920 23ec2dbc658 tab
    3⤵
    PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.16.2145223097\699588706" -childID 13 -isForBrowser -prefsHandle 5680 -prefMapHandle 10092 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76f9a4e7-6419-4246-ad74-bd55451507b6} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 10008 23ec0c29f58 tab
    3⤵
    PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\16887

Filesize
23KB

MD5
f42cc4376300cb9ca3888cfcbd637a47

SHA1
10bd1521ed8020c0a3a40be3f4fada0f1fec0148

SHA256
b858ddfb7d65d97029557b675b2a6e801fee20be3454eb31406dabd531135c81

SHA512
e8a6f329f5217bee6a8491b90914d8961de74dcea2722a1089f4ab14ed0437d27af16c773960e69064954152ac8d8a3ce52eca7c47f1668a86f6a2883eb1c3d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\17102

Filesize
8KB

MD5
6c1245c9b2605323a23e0712f943ab34

SHA1
e8f5cbe6b43dfec52e776a964169a8feba350381

SHA256
00b5e2ad5a9218830308755cbe1f6637b601e1d17de72f6ce25961f92534d757

SHA512
3d186b028124439c10d564c1540a17777edd0dbf9839c5525183aa7b66174a3347e07ba299a247037bd84fb1dfaeb74de66838ca95eaefbc9178924557203251

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\26709

Filesize
9KB

MD5
25068fccbc6c9e677e4c3dac46e8ee48

SHA1
2c245aa4efd3720827f8416b8d902e99ce6c1587

SHA256
9dc5bf18780684180378ab155d7c5b946086f591f7a7cc28e0c82db77813bfc0

SHA512
eb82333c7d4d1df6f0cd7d54492ca2e48f07c0c676c2de9e32ce47d52cf084fec515e07d7cb430d47297a4a33f03b9973b31c157014fa37daf3e68ae31c31ee1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\31960

Filesize
8KB

MD5
3ed639595e7c9dce42bde8b871818500

SHA1
dfd35670a4dd2776a50f6d9b4e1a74956e227b64

SHA256
e7660b30d3924a5d6e145533735a37682d215784fc6cbdd3990f226de8fbb0ba

SHA512
5af2dd090e0ed8ede6dd7254f9b56a855fd3ade5911502f914a0e29753f8ec4ab66340e2730efc85f97c8e018d1f3d7312d5a0f378521e37245219293064ec72

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\6106

Filesize
9KB

MD5
be273a3294af755470de96dab50c5463

SHA1
7fa14d9534f59d2f1b1bd74192bf3f2d2ae8d1c8

SHA256
c384c52bd9464f0074022aee8da4c420a5e4a6dcb1ce255f7cb0f29ca2de6941

SHA512
6467c498d28d85a759b2540c5b4490bf443d957e3f61d1854a912986e93a8e0ca58c7c67f829af9911a8b134c4c5523bb30f2dbb07be9f8f0946de01826d5749

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
5b6f3ba5867290a536940ed18c9a89a4

SHA1
b5be217ea27cf3b5edb75596184a661de6f008e0

SHA256
763a5d551dade1cabc80bedcc4da935e68b29c6e7dbec274e047f14a38192c97

SHA512
22656f9607b3e42d1b4a19133ae812c53aa56e3955635187e4deba46af8ec6ed9dbe445f6e371c190008d23e553cff561f575919f8874035fe6dbf049aaa3adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
b97205f187473c888af1392e6220c880

SHA1
3a8806006345824c65f88cf303555fab9eb708c8

SHA256
60635110f66ead642f5977bbfbdc8170b7e9d59b31b186e4b347384b84f9cde0

SHA512
eeb743a48548a7422f64940e5c59babbfc840b36ad49802d4f4733a727af4708d05309d3f1d05ad1a1b9a8e98e34760f818fe05fd625e4b3e45d1635cd070ace

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
5947665e950675ba502147cbc54eace4

SHA1
e8636ad244db1b89f80f94e79ce03f97864e3af5

SHA256
728e00d9c60bb6c4cfeca3d5a961be34bd39ea0918e56a873ff6a381185e75bf

SHA512
86830c6747808cd6e891f85e4281c06120d96b1e3d26bf2f16b6291fe1f7d17957f5be1c7eb686d3035f430b047dcc4deb947c6e163f5dbfff8022efec4639d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
bbf5c4d7653cbfeab0870a144ba94e3d

SHA1
2170971e455a1a72f0b9b8cd7037d64da5b7c355

SHA256
ed726e6a257f93d58ed4f7ac583e78db61488e28786309fd1e7bb5731a7b1348

SHA512
30a5ebe12a55347428fab75c9ed8f803bce9a1fc45de765b150fbb66a09e3a2442cf6fb612467faf4b9b0ab8c49e1bc3be5c347a4bb6511cf80b72d5fe9491ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\3750f0dc-7887-4129-a76c-ea12c9295af7

Filesize
11KB

MD5
d632b43134c064d69db4af61594047b8

SHA1
5140363e67bb0392e993bf0f93b45996e06674e3

SHA256
4f153d1d59751bc539819009233a84020941f4387e60794407e85cd80b61c4e3

SHA512
1256f2a7ac14846a29914f5de9c543e1f5f847814430001d7004f9bd401ee5882cec6aa6d9d0bf58be10e2a7822a39c082070d677408be8b3b5325133fe71d87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\c41d0f51-55ce-42e8-83c2-94f227b6dd2b

Filesize
746B

MD5
c37d3d8dd27d80d45a547030ea486943

SHA1
99a9e0f21a854bc7ef43f7ef358e8c1d43244c87

SHA256
deefe7fd97a79a87d42fdaf5ca847bcb60da763fa92bc76de34cae677c856e7a

SHA512
eb5b179a66f5b88270ff995da877b247dda1ed1fbaedf2304bf948840c138ea07c2faafe8fe051fc14dd80d06b2e9c81392dbc89f9099dc62f5f86215746a974

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
7KB

MD5
941dc873edc033cc139628ff97a5030f

SHA1
fcce2b378ea424692007539c049aeb25a1b0b489

SHA256
2817bec67c10722c8275fced8ffec4b37b6fe0d015c8917cb99e4d04a5233525

SHA512
324cbc537c96cf55b3ba1aba1fb5899aa1a7bf891e517a1045c289b52f63ffefae0154b5e255c5dac916a88e1c2c9bc2033a9b32f974059f8a28f7ca3f6b0de1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
7KB

MD5
a2e4a9061c4c55f1ce6eb0be44bb510d

SHA1
f08d50990e77298473c21c12e2d13624e422218a

SHA256
d5004e1ec3563959ead6c7233d2ec86d35fef382e35b2ab6ea8e42235a843608

SHA512
152ea93fcf5458e82b626d01e02e93a7a935b8e1cde66ea53141d80d0943f786e87695f4ffa8ee8ab9b4ccb1e13e9f6ae0a6635a9cad67ac054d5dbe35e058c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
6KB

MD5
508e02280301351827f1f40ea0167485

SHA1
d0e06de5e948ec3ba4339aa05dfb1f8d2541b34d

SHA256
f57c17f50b899b4f1f9ac3374800499cba85ac8c3f99c17599e75f118704cd75

SHA512
748c6313f3b09838ae98787e4141c2b940ce449d625c7ba22efbe845334491a5cca4c474e6c8cc008bc1440cb58e0bf575d019a43a120a1e725e6cc02dedfffb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
6KB

MD5
3aeac653b8928bc2088d89904cb530cc

SHA1
51f4d11e750ff55c7bcc9f50531b2e2ee7575c18

SHA256
fcdff33862c95d0f5ae2cd6be666f712678dbbcc3141c97a9ef0121d9642d84a

SHA512
5a56e843d0a6022072f748a636b4f26573408694b315d562cac047875a01936aa72798436a9a1e633600ab3d807c4abd18762ff36689544384e941cd97a48c01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
033dfd88efa3b1a3b9cfc691697f2119

SHA1
b700bbe18c21b21ac548b591e3f3f13cb85f95a4

SHA256
d237ab36411fab39a7d45e6c605166c0da202a4a71a087ec1d4fd4dab6638b72

SHA512
36771c42c019184cbd3d949391cbaace824b47cd475b2a07d338cbe96c62db2afb627cade477e3cf13dfbd253eb371f48490b2d74e0f9ca20f955f3b1be7966e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
7f8baaae9fbb32e699821c16fc2894d3

SHA1
01e6d954caa42ee9a91e5ca3f2de7955a7ee2c95

SHA256
89727f8bbeeaf72435833e58247c94d07bee9a9bea26bff5e1028585d2600e76

SHA512
518ed88f4eb34f0518160d92516df1de6cb661077232fce3caf029fc2ff6821eeaa520b0b812a13536e2b8022f16442540b4784e6a4679d0cb6788d0696c9259

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
dfc69536797605e0e6ab96c10ac45efb

SHA1
387e64b1fa8fa495556bcfb43393f9990b36d14d

SHA256
eefc83a3d8f5510985b1b6691da2b96d6394a46b99e0b8891c5255eeadc3999f

SHA512
197d3b18a748175b9269a74300a1907ebb87133cae3e7b207cb48944ca4152b0efd6583e59783d2a8ca09f9075cfedbe0ff0e88927dc1a7905a16726d47996f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
549dee5b44a3c691a3c989a2e654d448

SHA1
a0afbf0961c5fd3e6634aec50d403ec26f0fe841

SHA256
1ecd4347634ee04c56a2b98b986880ec28c7ae733f1dc3a55888f1323a7b368f

SHA512
256b976991959109bc07f983e494d3cf7c2bf1c95459823258673031d137058e93353abd57f9bdafc0a42993812e89b930c493244f12bc255263ea1334a05da8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
b75521942f6a06515c4cb3a2fc0e7e8a

SHA1
9d8c5fc7596bfa135c4c4755f75e10edd7a24633

SHA256
69c09d098b0c54845dcfc3f5b4ad04be0f71f881b4dd9e1b0ec105383ab95da0

SHA512
a4e73a809a45dfd4176718df987bfb14933055145889cd4bdee40a3f79ff9ff28230344cfb37a8b900b9f15dc5e826d5a5282b56a024be46e64e3672318ca2cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
df621a42a884eabaabd670e648f425df

SHA1
d04d64005720ecee1ba4f9b0c19827ec613112b9

SHA256
3e2861b0afa17baacf3241fe8b7637d769948f36c57cb18fcc1ef03116ec577b

SHA512
d1fec0eb31a8c9a9506786bfc12e624898b292de118c96dc59ac891c6ec1860c0c7904905ec937dc970a4fa415d3a9d5648bad461bf38104d27edd9a064ef0da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
b097ec2cade3dcf51e4dae384fc902f3

SHA1
fa472befac27f1ec53c76500e11ae33d350b4042

SHA256
866c4ad9e214c6c6b6e38a104e2f88c8e4795de7b9610683e9a3a9d96bc779be

SHA512
ad94fd20e20ffb95d020d06e0cec87e146cf654961ba4f61301abdbfe9c534c17243ef410df8d75f52eda12f9c8de2b5adf7c29b3cb2057f79ec7c206c231752

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\targeting.snapshot.json

Filesize
3KB

MD5
7f4e048c9d94d9bc39f2ea62649611fe

SHA1
fd2d4eb021130206dd8f8c57edb76b2af35cf270

SHA256
914ee279c40cc0a5498add29ff250978806679107904af3d7e4286c9a5fe2390

SHA512
07c14bff1ea59d97e8d8a7ad154f1863d7d9607e47ecb69d2fa5d8c10855af179ec3df57b166727a2fcad50367c77885c9acab4458a8b653728f2d81948b3e11

Download Submit