9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
384s
max time network
370s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (30).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3144	triage - Copy (30).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	452	firefox.exe
Token: SeDebugPrivilege	452	firefox.exe
Token: SeDebugPrivilege	452	firefox.exe
Token: SeDebugPrivilege	452	firefox.exe
Token: SeDebugPrivilege	452	firefox.exe
Token: SeDebugPrivilege	452	firefox.exe
Token: SeDebugPrivilege	452	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3144	triage - Copy (30).exe
452	firefox.exe
452	firefox.exe
452	firefox.exe
452	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3144	triage - Copy (30).exe
452	firefox.exe
452	firefox.exe
452	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
452	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 452	1880	firefox.exe	95
PID 1880 wrote to memory of 452	1880	firefox.exe	95
PID 1880 wrote to memory of 452	1880	firefox.exe	95
PID 1880 wrote to memory of 452	1880	firefox.exe	95
PID 1880 wrote to memory of 452	1880	firefox.exe	95
PID 1880 wrote to memory of 452	1880	firefox.exe	95
PID 1880 wrote to memory of 452	1880	firefox.exe	95
PID 1880 wrote to memory of 452	1880	firefox.exe	95
PID 1880 wrote to memory of 452	1880	firefox.exe	95
PID 1880 wrote to memory of 452	1880	firefox.exe	95
PID 1880 wrote to memory of 452	1880	firefox.exe	95
PID 452 wrote to memory of 1028	452	firefox.exe	96
PID 452 wrote to memory of 1028	452	firefox.exe	96
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 1200	452	firefox.exe	97
PID 452 wrote to memory of 4344	452	firefox.exe	98
PID 452 wrote to memory of 4344	452	firefox.exe	98
PID 452 wrote to memory of 4344	452	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (30).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (30).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3144

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.0.612180892\1389337912" -parentBuildID 20221007134813 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2917c1d9-7e81-41e3-a063-7887e17dfab6} 452 "\\.\pipe\gecko-crash-server-pipe.452" 1996 231a5dd9e58 gpu
    3⤵
    PID:1028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.1.1646758121\1645022500" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2372 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc8c3689-6bd9-421e-b235-53e41c3d9c66} 452 "\\.\pipe\gecko-crash-server-pipe.452" 2396 231a5cf9558 socket
    3⤵
    PID:1200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.2.1820176009\1478852724" -childID 1 -isForBrowser -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39075548-cdd8-437c-ad0f-e749eecf43d3} 452 "\\.\pipe\gecko-crash-server-pipe.452" 3120 231a5d5e058 tab
    3⤵
    PID:4344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.3.1327817287\1573138075" -childID 2 -isForBrowser -prefsHandle 3400 -prefMapHandle 3404 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d497baee-a486-43fa-9656-203f366208c6} 452 "\\.\pipe\gecko-crash-server-pipe.452" 3600 23199562858 tab
    3⤵
    PID:1536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.4.878745454\2088658064" -childID 3 -isForBrowser -prefsHandle 4628 -prefMapHandle 4624 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7090d822-e148-4b60-9c69-6b88ba550951} 452 "\\.\pipe\gecko-crash-server-pipe.452" 4644 231aaff5f58 tab
    3⤵
    PID:1416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.5.1048623717\746038175" -childID 4 -isForBrowser -prefsHandle 5144 -prefMapHandle 5140 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dc70b76-92be-4bf8-805c-022848f37796} 452 "\\.\pipe\gecko-crash-server-pipe.452" 5152 231ac056858 tab
    3⤵
    PID:2452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.6.1562188024\1780041397" -childID 5 -isForBrowser -prefsHandle 5288 -prefMapHandle 5292 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62c5b3a1-310c-4f56-8cb4-350a1fe12d28} 452 "\\.\pipe\gecko-crash-server-pipe.452" 5280 231ac092e58 tab
    3⤵
    PID:1480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.7.1015078546\739228848" -childID 6 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {296413a2-20d0-4ccf-bf3c-5af455fa3ece} 452 "\\.\pipe\gecko-crash-server-pipe.452" 5560 231ac094658 tab
    3⤵
    PID:688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.8.677758886\700668063" -parentBuildID 20221007134813 -prefsHandle 5820 -prefMapHandle 5824 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {510ff0d7-3269-41ac-ba29-f13f51daea92} 452 "\\.\pipe\gecko-crash-server-pipe.452" 5340 231ad356858 rdd
    3⤵
    PID:5568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.9.1683007586\1475413741" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5800 -prefMapHandle 5836 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32c3134b-8661-4352-8c5d-a0451c9d5386} 452 "\\.\pipe\gecko-crash-server-pipe.452" 5936 231ad353258 utility
    3⤵
    PID:5584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.10.722585804\980360506" -childID 7 -isForBrowser -prefsHandle 6160 -prefMapHandle 6156 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95a16412-fe9a-4347-8c52-bcf664a4811a} 452 "\\.\pipe\gecko-crash-server-pipe.452" 6168 231ad560258 tab
    3⤵
    PID:5684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.11.1619020235\1843617708" -childID 8 -isForBrowser -prefsHandle 10108 -prefMapHandle 10112 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c61c318-3a48-466d-9042-0f13a6890fe3} 452 "\\.\pipe\gecko-crash-server-pipe.452" 10100 231ad563e58 tab
    3⤵
    PID:5380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.12.114157668\1922457158" -childID 9 -isForBrowser -prefsHandle 9972 -prefMapHandle 9960 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {756c8835-ea34-441b-9eb1-10713f733a88} 452 "\\.\pipe\gecko-crash-server-pipe.452" 9984 231addcf558 tab
    3⤵
    PID:5404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.13.1517316487\1459381814" -childID 10 -isForBrowser -prefsHandle 5584 -prefMapHandle 5568 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f02b807f-2240-4b33-90fa-1551d1eaf66f} 452 "\\.\pipe\gecko-crash-server-pipe.452" 5656 231ae052558 tab
    3⤵
    PID:5916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.14.557291514\158980847" -childID 11 -isForBrowser -prefsHandle 2972 -prefMapHandle 10084 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dce3495-83a2-43c1-aeed-1cc49c1d9ed0} 452 "\\.\pipe\gecko-crash-server-pipe.452" 9996 231a8706b58 tab
    3⤵
    PID:1424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.15.19561508\671649659" -childID 12 -isForBrowser -prefsHandle 5660 -prefMapHandle 5636 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fce39f0-5e19-48d8-94ca-ff60e6f29d2c} 452 "\\.\pipe\gecko-crash-server-pipe.452" 10076 231a9e03558 tab
    3⤵
    PID:3388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="452.16.635149064\817337478" -childID 13 -isForBrowser -prefsHandle 9748 -prefMapHandle 9980 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b4fa2ee-3a0d-4b2c-b3b2-6f8f224ea2dd} 452 "\\.\pipe\gecko-crash-server-pipe.452" 9964 23199530b58 tab
    3⤵
    PID:5204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\13213

Filesize
8KB

MD5
3fd489018a045d9424ce339d5a55a746

SHA1
f99df76da7e1a2b30a4cdc3b3e0aca10b2df3dc0

SHA256
a107557a9764385729f36ba9bc641706cf43c212fb3d63d420cf3e04dd174d52

SHA512
1f283e0e10e2c60aa73b87072b46ecafffe2e0ba93e3dd5f0678be2e3ea196e13f05d85a0c1214c50a96537e3b4f5ca9dc4c47bab4d2596bfe979c4ac9f89f0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\17701

Filesize
8KB

MD5
6beef862b9565f791cbd021847e9fcac

SHA1
0e1a3fef7222d3f85b4e76823818cc76e604b5bc

SHA256
872cc276d0fdb53249f367124de76e3867913e57af9e26da1604602cc212014e

SHA512
cfc45c3e587d37ddb4a5be57a3ce4e99f195be9ef00d20bf25ad1ae61c5d45f8cdcd9a2f806c1c067e3991468d5c9c23b88560f54909cce150e32bdb98e044d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\26701

Filesize
8KB

MD5
21394212cc740a8e9ad3a101d6c41a0e

SHA1
bac2b64412c1f63c86a5e2ca132e1ee2ecc664d2

SHA256
bfd9b470912a532904548768d0d421cba0c74de6b741e23d8ebbfcf1331eab69

SHA512
240e505bb00ca85d8f6e859475e3ac3871d80a9ffa490c07b986b18b96ffe0c3f1ae838595f2bb96e0c95371850c0cd146709c83fa5d540e7dc92a571a77da89

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\29055

Filesize
10KB

MD5
e7ebb85e49b63c06e882e317d892b22b

SHA1
a22030393720689d034f814d70daf4c787618ae7

SHA256
7d2a3e7e60336e8d00e1b0888d6fd898e0adc66e89eae7652da2ff88c3aa6a02

SHA512
bdb043d181cfaa1f35e266b3487dbaea7c113f8a89e435014668e6292a3bc53a6088fbf292eadce3c099b9f7ff29666e49682a52c3a21a53c8b16d738057290d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\29057

Filesize
8KB

MD5
479e21f470f47b385df8afdb1e2c71f9

SHA1
246fcfd16dbcc3aad5c0051ecb937309a63f51b9

SHA256
c2d7dba8011d5ea45f20d3454ae722e05fdbcf4d92b0812e5d8dfec6b96c5c1a

SHA512
3b6d76856d1cfeb890d7d7d46d54051370e32cbe75f97c9cbf88ba860e59b930795af8e9361c0013436c7b7583b6dd978cac172527e3dacdbac6588edb250ada

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\31302

Filesize
9KB

MD5
c2b1537c6cddacdbcf1e2146473e90fb

SHA1
c571114bdbaed007b41fe92b240fae4d4df5ff87

SHA256
bbb43b95d02e0ed0b1dcc3f265cff8dc0276cf0e8e3ea4e2f82ce5675db6d2eb

SHA512
260d5f589e5393316b091ad209ad0b329ef83feaa9f36ddd6f2d93388303368a74b60e7e8d6926ed62b7060927733cfc2076494723ba76cfada2328ad4a818b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\9599

Filesize
8KB

MD5
169b376556fc3334be96a297a2b1a270

SHA1
76cdeacdecf7d3e08a22e9f9b81cb9c59d84e61a

SHA256
347b7decdb2987f17f67b6a0aadcdeee786be205959deecbf91b3ab7fa746874

SHA512
6bec233d80688b6b1784f44a4361e0653fc011d536b14f5050e42822289dd63d5708bfaa11069eb3816aeb5505ce9d03d40c3da4853e829daccb0ab5009de2a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
af40fdefd40a691057e4aefb03f159a2

SHA1
c94debc40fbc4502cb8e7fc56c60be7ce66df503

SHA256
eb3a1b86b4bdc0063e5edf267c983e8cee04e0f6334a3f1d16d08805a3b09c20

SHA512
aaace942eb2203f5984ef413dbdb9a310c8e82db99680820c3f1e4fa07383908ec854dbdc039a376df486e9851b3cbd1affd20e6c7f92b7966cf8b9e0bba7f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
c0c41a7996f1b648adc227a33355aae8

SHA1
ed6049d998bebd7c09fd3ca469856dede98bef07

SHA256
9c5ba54ddd27fe687ad0697412f012c06b8fe62bf094327c21ce4aee255cedb0

SHA512
31ed661d2f9f5be732c3d8ba0f21153e1036456c4eba0c9e21b5a1b53d8d9b7f17d55dd677b3fb5484b8ee84a118d6a3502a51c30cdfdcb26562b9679268de99

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
5b0e9213c1d814c8cb34075d84320662

SHA1
768576bbc0c33fe93b730a36c6fd420c3d1952a4

SHA256
34e2e55b495d8d481881e0189fe98e69f2b2718c7a30d162de41727ad509afda

SHA512
46a8c7b8ef6113359a6e47da3707683b28c6bee4de232d60b0108e522134674ee4193cea622636f03d8cd53162136a0b3e50fd9d2cdce51c8a7eb07a57fed77a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
5d84aa6bbec10a165f7b3df901fc05ae

SHA1
105d5ad218cb5b91d051f48a1974dcc8a3acb46c

SHA256
a2cf685c191b0c27c0c7186516f4acc83224239365b4fffc73ab130e0946775e

SHA512
2a002e99e0af622e15ae50b1a7c528935928d0c66ddac0e5de02d1e446eb93414648ea8a174605f69f9f134b077a67f3c48f8a79683dbb01daff064abf50ac36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\8b508820-1180-4f5d-8d9a-c393e83744dd

Filesize
746B

MD5
01692675ee2b9f90c62e2f110c5e5222

SHA1
33f563f849067015e6da36004d9e61e0ed6c207d

SHA256
9bece299d013ffa1d9ab4f92d43033ad4572711a46c43831e8c2d0c16398308c

SHA512
3e07c24d78f6bf6c2247f7eda6d5fe3f376b6b6cd417d36818c79c116209503eb97ce3a809647963d0479b629def79da84bb454ae00a5c7e513a6a1b8e864c03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\e19a97a6-e5d9-49dc-8ebe-c9d167b45065

Filesize
11KB

MD5
4bf40df3b224d1dc4f7eee2ff903037f

SHA1
90d43f2baab55edc698dec6ca675c9e49c139671

SHA256
ddbaf6deb88d99b36a30c259c0a3501532dc756f38e955cba4ddc56980f7426f

SHA512
2bce002e1e00e6cbab42867d6d829018470f68a5f6195f4fb9672d86dfb4391ec48245ca3aa76168f79aaac3396e62b432d9433b7dcdc9d031d0507595312307

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
7KB

MD5
182da7b56b3159a1519aee34b730c3fc

SHA1
786d774575eb13034a9a331a3475a90bd443e556

SHA256
b3be0304bbc5a727c67d8c91238e6ec7e55306fe590e8f600121a5c0c3691404

SHA512
a9d2fa5fed6e080725b0fc120f42ed6f6715c5dd9ab2d058f58c541aed4618585ce29593bf52d2b1fb27a70305ec48c5209db110d389978656c1377401e28045

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
6KB

MD5
5cff5af86406816931e2566b638f274e

SHA1
7cb3e0e0786220a9d1b8d416aa6e10701133f7c8

SHA256
0701fa656eaad9ffc64a63cca1d353320ba92f3ac9f1f1c74babcb5cfa779611

SHA512
21e493ae8db1b7a39246c743fe2441058cb92af74c3bb8c8fe7a489950da8331abbd003bd60ee52cfd1560781b7eb0d10a88b1bd159456ccd43ab45ca3a67e97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
7KB

MD5
aced7b2c8ce9ca84f694ea99638d7f22

SHA1
337579df0f5a5cc96ed42e783558a75bc7105bcf

SHA256
6297beab2cf2998211dde363f50e1043f94fd60fd1ffefea92c5b97f097246b2

SHA512
845ea1966b2a40b1c88e9329625968662f12d41013e3517406a3b970dd601cbc2b0a507eb7ff681c91e4127e4df8d25323d2567551fa38e401293a1a025cbe16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
7KB

MD5
2fa8720a509feb138443ed63ea49113c

SHA1
0df57f02658f81b1d644e0a392d05c0445f434c5

SHA256
2599d31c7e6be96d7ed6a79911a91af49955c999131ae61ae117f3044c4aeb20

SHA512
2a6c08393df44195b3299228a0367945eaa8f7d13a4e77f6e7f040bbfeb6314fd0c0550afc9fa12c0e06e880b983ca4d727b584cb659a2428ef7dd3ff07833b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
6KB

MD5
f907686e57a237dd5efa5ddff339e8e2

SHA1
172ea16c368167989fe5288f59ca94abc6f344bf

SHA256
9d25df77768f753cf9e3dce2f0d131f6ad484aabd6f061ad1f108fadff703a1d

SHA512
4f8e4a60526cc5f52ed340ec01bf1c4f2b5035a20cb76d46f5194038f2101fa5ddee3deb511bda331c09458585cb9eb059c160c38a8c3a3b624a0c55f24964b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs.js

Filesize
6KB

MD5
a6d1aa84fc8ae064c10776b8857b35d2

SHA1
c1dd00b10794656d1b1f0c88151150fa2a37310d

SHA256
d4291c0f6b002be4b9d5c661d5d86015ca71caf07a0e19a8f082ecac398e23b2

SHA512
c3887fb623d511fb2d04d78951223012053941c24de7bffbbe8dab972010b3beed77ee8fe093db519a7bdb033e9b3c45c29317fa758e7c6956d83f89b0b918aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
05f053d934436ed93dc12e6bf32c4953

SHA1
75c5d79d93ec8c8294da244156e72743b9a926fe

SHA256
62ab499045d1da69ef09fbb5f6a72e4d82bc1647bcfd178a806077ebf251d598

SHA512
5681d0f6055c9467720be2337fc0bd23c104bf9604ac482a94e1f87315f4a90692e9c4f856e7d37f5bf315ce61d6b8bcae64820e0a7fac2e3fe20e7624179a11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
c055fd788cc2780cf418915e07e33885

SHA1
23b594693c2fe5911250883e99b815169c2a446a

SHA256
d605125d8e36018b615a99701715c89ad66c327d581ba72545c28991e129330b

SHA512
f92eb47f3e09ad57ce09f10558058bda3c892833df6f4b26fd6d12740bc2a42f078c394efd81bf2bf7a932cedcdb68863ba7824231bfff9c630391c920e77d0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
92857dc6c50ea9fe88ee896d498470d1

SHA1
b66111ae7fcf1ee038172bbc695e51e4812cbb63

SHA256
0f132a2a9de81cfd4cbdb05d2c873669c6a0d37db9bf0edabe70bcac18280c7d

SHA512
a81940ced2a3357f126316a87bddc1aa6f99ceb070f861274ca0ae155ad00011d3da40f0f3c9a01ea9baa375c448e6a9134eea0451733e6de266dfbe85346347

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c9ea935aa73ff0e4985fdbb5a2d0263c

SHA1
06c31bccabad3b431ff17bda41e7dac1e10f7fb2

SHA256
f1d7d664bb4d3502d4636089033e4da3fa9bd6177dcce4fff99874fbf1e8bcad

SHA512
3fb93a740dd820e78571755d8295da9bec03d6b76277cc98de6b61474fdb8a4d5571453721f7094b231d1d39410b29f8133735a011058208b680e0687c869111

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
061a4a00cbc7960ac66703c8db82e0a0

SHA1
6e69140bfb5c9760e755740bbc6a608b5423a3be

SHA256
a2d4aadd8d7f5ce90669b49a573701763249688b602ad1932492d5f863c35c94

SHA512
b87359f0fa9566e9f193b20762dfe85c0ccac2af85c6200768324e652fc87c3a993a895c59dbd1864a8c778ae3743b194115d0b9fb65fd081001fba9aa0f5381

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
b12a6b64978f16edf2c6eeeab0bcc4e4

SHA1
af5ea5c119c2f489e39a60b1744b8f77c8f0b13a

SHA256
3681616c1290f2499a7888938739bb1b69b3eccc97427a62100ea7f2f6fe7fdf

SHA512
a11d6e64d918de45b4148ec5371e37d404acbee35272e1daf0a5b9f3f6ec3cb20d2dd08419c5778d540efa63af87a94d1a55eea3d524e78e4a2b2ee313e2909b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\targeting.snapshot.json

Filesize
3KB

MD5
96d4468b6d14a6c3f5d71eff8f304fa7

SHA1
e410dafa344eff59298b919215fece82bf90d4e7

SHA256
64107f4d58bac615c2da4aa528f3198d12636a7c10c8fbe9741bf8ae4d319e2e

SHA512
07e28073af2b9c27a596c506fb24ad5a2367f898f78bf45ddca2156b47b56ab6dc092b616ef77d734e2b5948c4b64a119e9b403f6d783edc59b0f7a02010e35d

Download Submit