9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
444s
max time network
530s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (31).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
684	triage - Copy (31).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1288	firefox.exe
Token: SeDebugPrivilege	1288	firefox.exe
Token: SeDebugPrivilege	1288	firefox.exe
Token: SeDebugPrivilege	1288	firefox.exe
Token: SeDebugPrivilege	1288	firefox.exe
Token: SeDebugPrivilege	1288	firefox.exe
Token: SeDebugPrivilege	1288	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
684	triage - Copy (31).exe
1288	firefox.exe
1288	firefox.exe
1288	firefox.exe
1288	firefox.exe
684	triage - Copy (31).exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
684	triage - Copy (31).exe
1288	firefox.exe
1288	firefox.exe
1288	firefox.exe
684	triage - Copy (31).exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1288	firefox.exe
1288	firefox.exe
1288	firefox.exe
1288	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 1288	2144	firefox.exe	92
PID 2144 wrote to memory of 1288	2144	firefox.exe	92
PID 2144 wrote to memory of 1288	2144	firefox.exe	92
PID 2144 wrote to memory of 1288	2144	firefox.exe	92
PID 2144 wrote to memory of 1288	2144	firefox.exe	92
PID 2144 wrote to memory of 1288	2144	firefox.exe	92
PID 2144 wrote to memory of 1288	2144	firefox.exe	92
PID 2144 wrote to memory of 1288	2144	firefox.exe	92
PID 2144 wrote to memory of 1288	2144	firefox.exe	92
PID 2144 wrote to memory of 1288	2144	firefox.exe	92
PID 2144 wrote to memory of 1288	2144	firefox.exe	92
PID 1288 wrote to memory of 2372	1288	firefox.exe	93
PID 1288 wrote to memory of 2372	1288	firefox.exe	93
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 3140	1288	firefox.exe	95
PID 1288 wrote to memory of 1432	1288	firefox.exe	97
PID 1288 wrote to memory of 1432	1288	firefox.exe	97
PID 1288 wrote to memory of 1432	1288	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (31).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (31).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:684

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.0.2060380098\57174846" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bc7710d-b83f-43fb-97ee-52d9b453db27} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 1964 1e6966d3558 gpu
    3⤵
    PID:2372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.1.1585507814\340559083" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d3429f3-358a-4674-ac3a-92633d4ae107} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 2364 1e689e72b58 socket
    3⤵
    - Checks processor information in registry
    PID:3140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.2.2003326954\2145423047" -childID 1 -isForBrowser -prefsHandle 3128 -prefMapHandle 3124 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eda491e7-7d27-4132-851a-7fbf142275dd} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 2912 1e69aaa1458 tab
    3⤵
    PID:1432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.3.1333609563\235891371" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a903ad3a-052c-4535-8878-7904eb0ae40d} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 3576 1e69932ea58 tab
    3⤵
    PID:4636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.4.1421311051\76696203" -childID 3 -isForBrowser -prefsHandle 3972 -prefMapHandle 3968 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f8076e7-d2cd-4123-aa80-eb06c1182bda} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 3992 1e69b9f2b58 tab
    3⤵
    PID:1820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.5.792106278\574996353" -childID 4 -isForBrowser -prefsHandle 5060 -prefMapHandle 5088 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36197671-d9a5-476b-9d22-c6d1d7bae54d} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 4976 1e69ceb5858 tab
    3⤵
    PID:4628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.6.587101358\176444861" -childID 5 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe92e58e-9540-4c32-a9ff-3c0a2d624464} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 5324 1e69ceb7958 tab
    3⤵
    PID:4868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.7.17744225\912086458" -childID 6 -isForBrowser -prefsHandle 5432 -prefMapHandle 5436 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {901ca847-2be4-480b-833d-6831a898a03a} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 5516 1e69ceb8858 tab
    3⤵
    PID:3876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.8.1425151423\1873604609" -parentBuildID 20221007134813 -prefsHandle 2828 -prefMapHandle 2824 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07d87a06-99ad-470c-bb4c-7339810ad5a6} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 5752 1e6995ed358 rdd
    3⤵
    PID:5532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.9.678149161\343772412" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5856 -prefMapHandle 5852 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5c24f32-555b-4cfc-9d50-f8f77c781fc5} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 5860 1e69992be58 utility
    3⤵
    PID:5556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.10.2084655474\1470799402" -childID 7 -isForBrowser -prefsHandle 5876 -prefMapHandle 5888 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95d62dfe-6568-4dfc-8b30-d2c8f5307350} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 6016 1e699f63758 tab
    3⤵
    PID:5572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.11.739988638\2129240569" -childID 8 -isForBrowser -prefsHandle 3996 -prefMapHandle 2808 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a1c43d0-ccf3-423d-8f60-13c6bfdb0f33} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 3112 1e69dbc5f58 tab
    3⤵
    PID:5288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.12.732052770\428449411" -childID 9 -isForBrowser -prefsHandle 3980 -prefMapHandle 6216 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33331ecf-1b22-4e5a-babf-f8becef93742} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 4480 1e69dbc6858 tab
    3⤵
    PID:5308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.13.1780118832\512344213" -childID 10 -isForBrowser -prefsHandle 5660 -prefMapHandle 5652 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fddc4767-5063-45ad-b5c0-980f508d20e7} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 5524 1e69ceb6158 tab
    3⤵
    PID:4836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.14.355378374\1987503695" -childID 11 -isForBrowser -prefsHandle 6224 -prefMapHandle 5976 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4188b180-55e2-4b67-802e-a8852b69134a} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 3960 1e6991bf558 tab
    3⤵
    PID:1216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.15.1068564340\1594624715" -childID 12 -isForBrowser -prefsHandle 5388 -prefMapHandle 5336 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0198065-4e61-4d5e-b2a3-ecf4ef5c8acb} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 4632 1e69d964e58 tab
    3⤵
    PID:5008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.16.768651217\1545226493" -childID 13 -isForBrowser -prefsHandle 10348 -prefMapHandle 10260 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e78e541c-606b-4b7a-84aa-8c2f3eace9a0} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 4192 1e699f62e58 tab
    3⤵
    PID:4804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qapp529h.default-release\cache2\doomed\10485

Filesize
9KB

MD5
cb19708d99372a8ec3b8d6bf231d8ddd

SHA1
926587d91b0c6148f0d5733eec8cb6e6249b2166

SHA256
634fc70e566b97f413b46d06863e627fda46a34e9a26ad6ddeb561d0fac86ff0

SHA512
dc0e460bcb582d8d11d0363a641894bfad4b2c64be881b0235188969fcf763dce7f78b640277621a23b124cc1396a28159d4b7f07e35246fbe683c3ebe038d34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qapp529h.default-release\cache2\doomed\16297

Filesize
9KB

MD5
60f8b2bc27035da51dd95a85976ce769

SHA1
d0ef8eda4a8b8b35a847c5d691f5198102c3d68c

SHA256
e04cf843ff46a345ee5427eef604621e5eb0cc5b3657b2a55d4a10b63d87afa1

SHA512
6a92ccd35d6b50b312c947868c454c46c9940a0702cacee23f4d9737aa93b6a48657fbfa6c6c82c64dfbec887bbe8fd2db0450f1b445013bc39f846595ed7fe8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qapp529h.default-release\cache2\entries\52D6DE9CB6806448C8C808EA8977B9006B2E8A5D

Filesize
10KB

MD5
4437d17eec4d73ed8835cca545347a98

SHA1
b901cf9c703b13f3c6ff4ebdd9c8c74fb4860996

SHA256
d72f19f4a501e6707712542b6088125704750d0d9f74a24f03333aa20f342266

SHA512
12edebbe24684ccee5c41f60416d590a0ae821e0a13fdedac4a92fdf4447c5f8e6d11bdccd6c0de3df8b957436f0a3cb96024eac458ccb406dafc6d107dc52ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qapp529h.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
b4d170324879b97e47a3b797cdab569e

SHA1
b46be3529a15f11041bfb811e95e539446f07933

SHA256
b3d1e735d904666953d6bb542101d5df5c0ee7e0dc1f419ec158a7d296578bd9

SHA512
b22ffb7a7724776615a4a39c2bfcc2f1e3b49a8bea9f83bd4d2ca5ecc4141ebe844fd6404a377cf8856bcf989ee21069ae103a776bfbbf9916ec509481750976

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
919676a173df1bc6d13ffe4fc09227c5

SHA1
d302dc8a990e0d9a20ba0b0b2f26c7a43a9588a9

SHA256
89551a86a4d3778bb00a55c19f5f4bfab276badcc198129d9c871c13e77a34a7

SHA512
cb3c00e3e344b88aea82a395d5b50096b615d1285241fcfbca2bc3ad254b89ffb8bf9d35fd7656d619b7667b6d3c03ac9ace304e77d96d0444a9ee98f22cbfd3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
7057c091133f308de42b5d1c04d27efb

SHA1
e175ed4f129678e7972b83b88d7278657445c9df

SHA256
f97e15f162383c6c35f5d1d745dbb9890519429806c9e6ead4bb90f4bf58bed2

SHA512
49fb9c4462afe0e478c070ff265745b60d7c3775f46fac1c44725e9d30f1d88fd8015edd3effbb0fa22bdacf890e98c268af68450c527a855d54fd34df1db1f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
a8b7b903b0573cbcda80dbc53e9159f9

SHA1
0a8791a61ffa5e1b402515118e3e4b1cedb91996

SHA256
e4fb835bb51b88d759a86a2ad816f85530f2d7c36be0521e719194b7887a622a

SHA512
696ee2df46b2148a1d7f2e9b5f119f9a2b4695d7dc5608151232a707353555d376159d32f88194c32bdc43c66e927fb612376ce5d41e775c8953a17d869e9e17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\datareporting\glean\pending_pings\2c2a26ac-0640-44d7-9363-b23631ede61d

Filesize
746B

MD5
90a005b578c853e185b0e50c95af1531

SHA1
189ea05a797cac4ecbee3d9a8ff9ca69ecb08387

SHA256
656c71008a48eeb8c1458214d1d4d219ef4231b6c950d185792ae287fb6dc6aa

SHA512
fd3e0e8956036ee253627a1fe359d0d17817afc6730a58a17b8d380d7c99fde2bc5fb503f703bbbbac3496747693165669d257db34004da8a7a809fe568c498c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\datareporting\glean\pending_pings\c5e4a4c6-12da-4406-80dc-6d9b1235b4e7

Filesize
11KB

MD5
dc2fb6e3260046bce9d7f603185bd204

SHA1
61ad307d1b31a035fec64cb6baafd5a8e20c11a1

SHA256
4b026c66d2776e5acb462a45473ad6b5b72325021389b3fac75cfd96f477cd99

SHA512
b2bb8178ceb70564fd8a5dc937c46a33ec86a189351772b1ebbbe513da9c1de1686ce46660222761a5dc9adc11a25418febb0665dc39e387960d5d5cf772b523

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\favicons.sqlite-wal

Filesize
352KB

MD5
5f179fb9bad2c7716aba738ddb008077

SHA1
96632b912a7a6961eafadb8abc6a86610a2c817c

SHA256
13c0cfe5c9ee0dfbb00ba5e1f079c1c3507bd19c5ff59dd9287e3e16a7352d29

SHA512
ab23a6a3bae0876568d79e4bb358ef05c2498298c49beac2df97dd1caa96af105790dbe9cdaccaacea8871ebcebee478683bf95b5edae405645cc1b87735b314

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\places.sqlite

Filesize
5.0MB

MD5
5ddd804ee50d05389f60279cd1e9bc51

SHA1
99c10a1f58e3406b55bb38232179fd678bfc24a5

SHA256
ff7c1eefcd3a766b5f8163579f7d2f1408b7991384426821dcc0a9802274d12e

SHA512
ba5e23e658e447d2b3451d448bc575575b4e94fad7a5c2c43b9b46041b36caf386355e121e64c2ea21b8b4d7f6bd02f947a2932a6d9753929c6a649cdfbaed14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\places.sqlite-wal

Filesize
2.3MB

MD5
002bdc0592466407c71360046e366cda

SHA1
e290aab421760487423cffbb3fc6b352523d5d2a

SHA256
0a0324fa363d02dc6104c0b1e93713aa55df43faff92ef2d85b9214e31ec204f

SHA512
9d3bc77c8dfe8423453cd1192f8db86fc507df61ace3c3d3cfd1251a136ca2269a54dd713a03d789854946f1723b8cfe14ddc631db1155d03284d24117ab407f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs-1.js

Filesize
6KB

MD5
24a6c9b2c073a3a6c1b6f6888345ffba

SHA1
62797348a593ea333411d3d9e1efd947eb191d21

SHA256
d7291495e49fdf98a86a527092f3989c7738161bd7b0574bbdd673f2ccd78d25

SHA512
4960463a46f3e83b1c01e152eac0f838a516eabb104fea2c2eea8b092e2fbe34f074c32d2d78e2c4671031e7061bcb17e90ee0f7ca7d836e544719cc58c71c6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs-1.js

Filesize
7KB

MD5
491b70d428d5669af9e09f7d2bee6e2a

SHA1
7ae304ab0ff67263a640f83b574879602feeea32

SHA256
a57df92200eabb87db58bb1d46949b4a877cceae385bf90610bd1b99771cc086

SHA512
9cfbb4730630d6913f9b3fd5a98efb14a44b12f8dbe93e88569cda1962faba3ddcaabd8b9c9f7625eb6dd640331b87b4cde2335c9270d706888f8f38a1b29a90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs-1.js

Filesize
7KB

MD5
c392abbbf9e57a284f1224260804f75f

SHA1
fe0b4367b97d3fd1b83468e1700cf83dbd7d070a

SHA256
647057a5831e6802791ad25442f312fa33fb98547e7eeaabe965471d331bcfd1

SHA512
f1c270fbaf0bdd47ca226c246db0c2eb8154bc9da4fd1effb849798dcfe8d0d0a23a1400b121dd3e5dea2e937fdb0a75f3bef5de4a84dd76831c99d84ec981b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs-1.js

Filesize
6KB

MD5
cf1f7a19699e7787f647823cd2f752ec

SHA1
4d8123bee5728855e0926cbe4559bca95c827a2b

SHA256
5fe0ecb727455d78068fee2273ea01101285d2e2d4cf686d4c2389eaf44be20d

SHA512
08ee68af5615888e42ee93b3abf4198cf8593dc0f5c81fb1527b95482bb1a4b46f4efd106f0f198d1763ee0d2d03fba75a274d3d43934d65eca320d4cc5b0737

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs-1.js

Filesize
6KB

MD5
cc15d34b00f64936da06430fed810626

SHA1
cdd1ed4171dd247e460b9363e8038edb20ba6d1b

SHA256
3724213d6cff5384981d13c7772e54bf51464bfa6f1b23ef2848a645603ae76a

SHA512
7c4226dd63e276c5f1eedd0e1d07e5789b571767ce4d46a74de2c41ce40a84e3259fea9e205d505721cbdad2ee3b430e7d5ee0c990c4e841e803ea5bc0bb37c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs-1.js

Filesize
6KB

MD5
a8132f35909feb3cf6c883a91b51fdb2

SHA1
af00826378912ec2e1d1949455ac5d5049e9af98

SHA256
aabbaff91b108563ec249cb887d300dca07093cff4f3f83063ff108a4ba9f6d1

SHA512
61be3a13cd7ead8f7073bd787d972536ee67d55e12c4e308431e7df3083321ac01f09fb704ed01cbe8267ea51f48c2b491fadd520e6456aaab19d0e77714e458

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs-1.js

Filesize
7KB

MD5
c21c286f9ebf0dd7c693cc3b23672d50

SHA1
61f7250c37368eee6e71a3249916d5f8211bea91

SHA256
134ecd930e2a49bc02d0d4ce476a7b8ee39ca7596a4dc38c8813fb0260e28d27

SHA512
b7e40ad91d38674f3b6ebfe48976093f3b7809793800a7ace88864b42baf68be189a7844b44a127d74a930557e94a7e04c1bbf05f70d26b20f176f856e230da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs.js

Filesize
6KB

MD5
c5a5ca514368834b6d36fa7326302503

SHA1
1cb2baa930366c88c7a1a713b51fc8bf8deede7e

SHA256
5dce2e9a531f88010f369aad004ffbbb83f1fd37499f41c21345faaca9be13fa

SHA512
7ab26fc5ab2e4d1f6e24a10bc1712247d60a14b21b892422e70ce31623cf5ed029321f05e8fb598dedabd7934a1eea51f1b980b9f1ef33340ccf44504ea22123

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
6dee7eb8f117124d47a97bf6e3068e5a

SHA1
181d1a2b7ba1102f00da7298586006bab299da5a

SHA256
6936629b6bcb1585202b5269c00df9fb0e799c90f8d8fecc370b155440e2813d

SHA512
f055475c8eb9fa132a7d94425f85bb90990ee09e99e4d664ccc5c97ebdce0a2234292d2156d98fdcbeaaa141ff7cafc4de7cfe1dc54acf34c68c29c37c6ac2ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
ebc0d2d770e5b0acdf20d2a029776574

SHA1
b34f69c4115476bcb58af4414f06b1b5a1172784

SHA256
058857be0f55adf7b5244952d8cd6a535b848c8529e90dedd2d2c7b39e541904

SHA512
e3027dd0af39530c014e7fa7a02240e2913aea30df2c7b6ee734c902cb14e440d94b4b615f16d3fefe31e18e42a3147a480d1cfec4d95ee80b3d61267f7c0a14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
49fe01f40cf0cd5ad828fa4f817ada58

SHA1
88feb06a2f9c75dd3c0f499ed676356a90c7a95d

SHA256
721050760331c0a4c0e0aadd479eb801fe75b83b3d74a75f7000b26e4f7171d3

SHA512
bd967d30ad091c9f9fea95175f2b8f266597e4e4a9261aedf3075295b896bc0c1143ee0ce43d0541c0f6b5113032ebb99a28c9936a8eff31bb1afda29d1f0160

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
8cd96536566aa995f52b063319b95a40

SHA1
1f5f0ae50a0aff0f1b2b9e15352633dc37afaeb7

SHA256
6998eadb10c0ba703911eb7e536131c593839d2a4dac65180f3184aeab117f48

SHA512
ed7509e296eb20f11f353a1c3807e503ad2fb0f3779395ae359975f2cb0e46f8a0bfe5c275234c079e0a79a88e8729d5c515c3ee6a025de97db3a34252b3663a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
0328877a538f9bd6235fc4c945fea99a

SHA1
c7bd408635ae329f58995a786eb78b151f6b2662

SHA256
8c167d79a2eed82cde9a45253187d32ff87020b47630956d22a2ef3e7f120e50

SHA512
8e3cc90aa18f30f4f14168b3006b5058655db72ef6a57043097474e973c0f0869c529f90b28f06c963d4ea6074e3f1e6c747d44336a3c525e8c55a219500a68c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
289bae0c447da462b92dd9706b08f917

SHA1
572474ca77b77af69ef575173fe573421f1929dd

SHA256
746e675ea7272f478a3f6895dc4864b4c9b379e3fcd619720897c769e95d874d

SHA512
cec59c0faecedc24bf0e598d20c3491f880cee516ee23f0902bd0abb98651898105e9fb2cf5c06da13eb2aad11d28f689f0df2bf1e3d38af6b0d915222deea6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
671423fc92a7d196970f378a7ef4a64f

SHA1
536d03c9e15f7398e4ee8c9ed02642a9f5b9efd3

SHA256
378db0de6c8800f12597e6acc49b5b42b2731ad8d1471a28f150b61d9e47e0f5

SHA512
c32d4b94e302474ab8a2fd173279485ddb2d8dc6363899d23eaf6602a1d2c0360fc894a1cb715ea0e83235ff3c6d9fac69c66785a64772ce4f97e24d5136c5b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
64064689c77ded1a468e24e9d95ad87c

SHA1
13de2accd1849414ad6460ca91918ef756801c1e

SHA256
c7fdb41641c1c73e1eb0243dbf73a469b5664549fd76bbc27531b1fb78786c39

SHA512
afd39add04d7ff29f26e35c28fb27a308137dd7c33517dab0101ae5a28803b34014665c8d4590f70a55ee73276f8b945b02a07b759d4caf78305668ba9789557

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\targeting.snapshot.json

Filesize
3KB

MD5
325b31abc454f4aaee26562aa0aeb05e

SHA1
54ded6922162c84b769a5d405089f1620e6b9028

SHA256
083bebd34f24762b373b39d63a30c254c0c9a09bcab7009c13aa39fa3f192958

SHA512
ae9ab2848d80d9e0618e0299360ad21e3eb6ad4189525864cf199a85a8195d78dc633ba6ed80f04ea6f25a73ac798d99f8a1c6a00e26a86c05c2c1a4201fc8f5

Download Submit