9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
539s
max time network
581s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (4).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4080	triage - Copy (4).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4624	firefox.exe
Token: SeDebugPrivilege	4624	firefox.exe
Token: SeDebugPrivilege	4624	firefox.exe
Token: SeDebugPrivilege	4624	firefox.exe
Token: SeDebugPrivilege	4624	firefox.exe
Token: SeDebugPrivilege	4624	firefox.exe
Token: SeDebugPrivilege	4624	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
4080	triage - Copy (4).exe
4624	firefox.exe
4624	firefox.exe
4624	firefox.exe
4624	firefox.exe
4080	triage - Copy (4).exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
4080	triage - Copy (4).exe
4624	firefox.exe
4624	firefox.exe
4624	firefox.exe
4080	triage - Copy (4).exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4624	firefox.exe
4624	firefox.exe
4624	firefox.exe
4624	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4128 wrote to memory of 4624	4128	firefox.exe	94
PID 4128 wrote to memory of 4624	4128	firefox.exe	94
PID 4128 wrote to memory of 4624	4128	firefox.exe	94
PID 4128 wrote to memory of 4624	4128	firefox.exe	94
PID 4128 wrote to memory of 4624	4128	firefox.exe	94
PID 4128 wrote to memory of 4624	4128	firefox.exe	94
PID 4128 wrote to memory of 4624	4128	firefox.exe	94
PID 4128 wrote to memory of 4624	4128	firefox.exe	94
PID 4128 wrote to memory of 4624	4128	firefox.exe	94
PID 4128 wrote to memory of 4624	4128	firefox.exe	94
PID 4128 wrote to memory of 4624	4128	firefox.exe	94
PID 4624 wrote to memory of 1492	4624	firefox.exe	95
PID 4624 wrote to memory of 1492	4624	firefox.exe	95
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 1020	4624	firefox.exe	96
PID 4624 wrote to memory of 3124	4624	firefox.exe	97
PID 4624 wrote to memory of 3124	4624	firefox.exe	97
PID 4624 wrote to memory of 3124	4624	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (4).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (4).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4080

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4128
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.0.1984497890\1468859344" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bcd37b4-b851-496b-a058-13b9f1a0be4d} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 1948 23261fd8858 gpu
    3⤵
    PID:1492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.1.1957948960\1627757997" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2308 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8543d68d-c9b1-4e0f-9b5a-72edd9a34ded} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 2340 2326193f558 socket
    3⤵
    - Checks processor information in registry
    PID:1020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.2.978133304\696060657" -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 3128 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd7fd1a2-194d-4882-942d-23f4b501ebc7} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 3144 23261f5d658 tab
    3⤵
    PID:3124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.3.867453037\1630499341" -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {712112b5-6f10-4d85-8d8e-bf02dbc56273} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 3620 23264831858 tab
    3⤵
    PID:2136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.4.474352673\2001230410" -childID 3 -isForBrowser -prefsHandle 4344 -prefMapHandle 4340 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1854b700-4211-4377-81cd-053655043a2d} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 4364 23267415258 tab
    3⤵
    PID:3756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.5.1645037452\1224783589" -childID 4 -isForBrowser -prefsHandle 4996 -prefMapHandle 4992 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2005e115-9599-4b1d-baf3-0ed173bd481e} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 4980 23267415e58 tab
    3⤵
    PID:3016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.6.2115211177\1872133808" -childID 5 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9f2c84d-571e-441e-b6ce-b26029b02f67} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 5020 23268415858 tab
    3⤵
    PID:3304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.7.281888455\1225227516" -childID 6 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {435f4d02-3c59-418c-a69d-15bcab348909} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 5312 23268418e58 tab
    3⤵
    PID:2220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.8.1723467209\1380445295" -childID 7 -isForBrowser -prefsHandle 5976 -prefMapHandle 5972 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d74a8fa1-1af4-4aed-b391-f7b6c74a9a9f} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 2796 23269656b58 tab
    3⤵
    PID:5556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.9.519635270\1075034523" -parentBuildID 20221007134813 -prefsHandle 1616 -prefMapHandle 2952 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f5dfc38-231b-4aa3-8335-34ac28f77525} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 6028 2326957a758 rdd
    3⤵
    PID:5580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.10.640663114\434394263" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d9cd16c-4aac-4d1a-981f-de34627031c9} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 6068 23269655058 utility
    3⤵
    PID:5628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.11.515598585\1549441694" -childID 8 -isForBrowser -prefsHandle 9368 -prefMapHandle 9372 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4de30c2f-9f46-4b8d-9104-5abea583aa07} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 9360 2326957c258 tab
    3⤵
    PID:5304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.12.1871570262\886055937" -childID 9 -isForBrowser -prefsHandle 9320 -prefMapHandle 9316 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a15197ad-4546-457a-86c9-0444fb1f0f7b} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 10100 23269653558 tab
    3⤵
    PID:5316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.13.317373329\1756225424" -childID 10 -isForBrowser -prefsHandle 5272 -prefMapHandle 5464 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e50ea2c8-eccb-4007-ab13-737141fc239c} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 5260 2326a2a7e58 tab
    3⤵
    PID:4916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.14.1059261668\766416194" -childID 11 -isForBrowser -prefsHandle 10040 -prefMapHandle 10024 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {167b1ab2-0186-4954-8652-a56cefb15fd4} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 10052 23268416458 tab
    3⤵
    PID:5000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.15.2096422735\2047368284" -childID 12 -isForBrowser -prefsHandle 4516 -prefMapHandle 9908 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfe1473f-3fe4-4ae8-a780-72f1b871451a} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 2892 2326893f358 tab
    3⤵
    PID:2152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.16.2123571176\1724759288" -childID 13 -isForBrowser -prefsHandle 5020 -prefMapHandle 4740 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9ae9a46-e5a8-437a-a9b2-9e3d787f7af3} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 4516 23265f11858 tab
    3⤵
    PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\11244

Filesize
8KB

MD5
916d8a5b3ded301c3dfba81a2bcfee63

SHA1
b7f81d043e821391d0bef02fa16dfe7a93ba683d

SHA256
0a6557ed79ff9cf7a1719ee58b6f4084d0c019c5195313e5a888e29039c3057d

SHA512
3319d00ae494207f9c52b89fc67793e193d2e9880a0a292bd5c600579f56155e66b5b070d8d513502afa15dcbe9be7cae5e0f06ff2f32458a2291412d9485cab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\27719

Filesize
9KB

MD5
7dab36966304012519bf409271df08dd

SHA1
aeeb2b86942822d19cdbd3cdbb50eb64f8ae2fc0

SHA256
21769212ca1d2a469e349a7e76d17e3096159b2e278b6f89b1de91ea94b76418

SHA512
217e0764426d3953dc027edc0c093e23667d6ac9625c246519032494b747bc0f5ca0cc6e0b4d8c44a91a8b9ee71022d60c6c34be5ee9fcbaa2b953145b1fce83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\697

Filesize
9KB

MD5
871b9aa7dba47556b1f0dcc39906c7b5

SHA1
87cd7d2ae99eac1d08fbd335c53a9fc63242004a

SHA256
f7b335c3a4ac6b8ff885472aab81af8353f953507aedc894bb1ade757079ae77

SHA512
003cf169579fd6b879fa069dabca8ca407e0f5b4366108ed3681e92422eaab5c45da986e377c34a18a5bec38be92b775693d3738055531419df2f5f248f605a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\entries\52D6DE9CB6806448C8C808EA8977B9006B2E8A5D

Filesize
10KB

MD5
72e936c1fd311342e197ebbef0535ad4

SHA1
7ac8d1c6ef53590533caf900c1a99e2ae57b45ea

SHA256
768c81e4931c97a8546fc500ea8c6235ed0858a83749ae04100f3abd674e5540

SHA512
4847ece988e999cf233c809fd93dd690540d30704728c58cc4178268756cf6e55099b8a8e5be928cd77bfcc892d3ae897ee7f7e93955b3b964a6508cc4585809

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
5186098cbf66be945ead10dad28cd58f

SHA1
1a63f3910be9359d4aada233d5ca95dfc79fb4d3

SHA256
83bd45d177da1d49242e3303852f0727dbdd4cdb5a825e11deff407e0caafe73

SHA512
78a075d12f0aa04ee813dae1ce27e70a7ab80839b2613dacebd43048b9dfa1ccd60dfabadea4fe30f6ffb5f4ab4d2ef2ce690e2f4d39b2a616d8ee44c6e917f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
ddc535917f1f252cefc525066f6e8056

SHA1
971e1af4119673c999fefc57d8074c2a89d673cb

SHA256
8d99142d81e1b7db04453fb6d6c74cea453b6b2c0ae1b63aa9c633f5614e5a97

SHA512
6cf6bdf49abdca8a0bfa8ddab9bfe5ae2dd02e7c7ffcd71923f9ef89968b59bd4e3afb06673060e1f80dc256cfc0bcaa3315b5c39df4a6557499fab45abccfb2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
fa4e37db26b71c1fa90da4a1f2a48e9c

SHA1
87c96c6b3abf0752c2a634abf0f7137418cbbed3

SHA256
5788dac8071c6b4e8f183c6a2167ea384804b49670350ae12cbadc7875246562

SHA512
f1b1913dea8738dd6132d9cddc156fa42ffe7b6e50f4a739cb993afa17da79dec9c7d711af8fd13f902415d4cf845d0315ab0810dfdc4cd2975937a9070bc579

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
d082b93bac755edb60b2b5784b3a121d

SHA1
c6c9fa4b5c310ced9a7c4c02fe0bd309897ec4b7

SHA256
b2d0b36f714a3e9b333fbf82b655211e9a18da51a392e867b0c0c5922059ffa4

SHA512
b21b8074b4c4dda27694a9f4b7c4a3c62c9dd09e032fcc14f09d0b148274de0e6702662b57542059b2460f14e582f9360a1608b1cf33d322782019be8fcb7dc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\4aabc610-8c25-4efd-bd3e-7e9c532b1354

Filesize
746B

MD5
b9a1fabbcf7ba1a574107b0a8ba684fd

SHA1
5a043d154289588af7d0137644681d11623d07fb

SHA256
be4c96a2ca0379c42a5ad063ff5dc22dda8360aeeec1f6d53c9d75850b08be57

SHA512
4e36f2f7116b2085ab7e4c81e98f1d06d223be0b1aec5d95605b16ab68cde7e721092fd550e4702fe8944b817d1641e593e814dbb304b938a1fafd1d476c09a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\82da308c-45a4-4be5-9051-a405b0ed67d5

Filesize
12KB

MD5
3425adff0eff31cdd025799c4e1521e8

SHA1
10c56611c67c2cc3e39074d3594e8a4a088de6d4

SHA256
dda73be6ac021caa72eb5b9c83aecbf3df60df17250bcf1faf8862d3f8b10700

SHA512
7822b5430ffbc158b3ca4b247e10ae77fe8d065392d611a81d703b1624ced5b2341a5aded9cc94d0e70925c976e89c39c67ca08006e4732c0f27605c9a82c6e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\favicons.sqlite-wal

Filesize
352KB

MD5
98c4599879efc939dd676f662f6fc013

SHA1
ef0ed8c564dbe94cc445952832aad48f42421911

SHA256
9cf780afce701f826664f84a0655db665e21512720762c98f0dad3e9aaa2ef14

SHA512
d40b67e5c5f7032fb8b3dec76b66b085a538d261d2a5bff591e6c23d47662769a2f64786f6d8b201675714904125086db55ec5f69327e319794ac72b177c58ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\places.sqlite

Filesize
5.0MB

MD5
5c81e514c649b3b1dff61f3a7d932179

SHA1
3b140595bce6d52a9ebafc46440baab1148250f8

SHA256
0d1807e74447d1446b47a1dfe91fc0d3b4bacc656721830c6f8c356e31625e0c

SHA512
c50b2d54bcc88ccaed6d886938e99fed089482a5dc68f944e0750b7c40c094c6bf0a97c7dee2f1863bfe94c4f469b581d7b904e2d29cc881111deab6a919e290

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\places.sqlite-wal

Filesize
2.3MB

MD5
aa2d7fb9ffd95872090d70ce62b1bebd

SHA1
056a9f3a8feb39f26f07edd07b251c04218689f1

SHA256
940de33154e460a5a7aa0f6f7d2c6bdd0949e1e7c7a4a42395c921da520b2ba9

SHA512
60812506fe9cf37fdc2f841455b3cdc7c47abb13f1f0f5085be691810851103388080f75825ce5af80b68e20cc4622217eb607a59b5cfa4899fc8915b9498080

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
7KB

MD5
fa5cb10fff097f722dfd6566a6d9d07a

SHA1
a266f8094cac5f0188b2d9c4727c4e69596141b7

SHA256
5d5ae84b70b47d9824340dbc2be31d18b7e0acfc00e9bdc7ebde8ca54f314b8a

SHA512
889e6dc56f919d2bf40be7140f1cb18ec9441a54b6ad480e64905d958fb2c78de0bd6186caaa6e61943b6e525fe20b7e2976e6975864299379999311ab9120b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
7KB

MD5
2a79c86abbbe277a342b795752205bba

SHA1
bc4ba609259c389d1cc38e947109b035ba9b8748

SHA256
233401a1e29788acdf636335adff8d204113eb40ee91ac9b2dcc1bc8d332e08d

SHA512
ecb78581e5af5369f136c593747c6875a47261c997054490a7e4d73d3706d3c5c1e69f03b0c5ff0b0622bdaee320f445e14170e0b9af6a483c1bfb7221ca9cb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
7KB

MD5
8964d6ef4d98c48bde12b303749824d7

SHA1
6ca7f8a60b541b55254b9d6bcfbc1dc1b65fd561

SHA256
3d342312b8627b9bc9f035fc277de97ba48de138ab1ccc8223974f8514e78c77

SHA512
9fe9db04a4f432aba73d07d8b02195fa5e607a874e05462debe495c28e0d56283727fa12b293843e81f14979c5982daa8fc38945f212a348ae3a4dc94d0c3213

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
7KB

MD5
4b289452f0e37d77337dee5582bf7ae0

SHA1
13bc158fb0c7d424047bd6e3551b25e1e3b86ce4

SHA256
16cdecc2bda491b31295693a7ee14f34d17bd978a0ff58bf490277f6dc413bb7

SHA512
543e6d69564714fbffa0cc889df0e348ca268405122f67eaad3f2e56c8d89e88c5611bf5b83e37633ac063dc910f518cb4cd4358c37be7a81a64076374098ce9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
6KB

MD5
42d32e8a5a93c98c563554cb4d39d85e

SHA1
158a7e44872ac998c9594d8fff8da7f9b04eb7ab

SHA256
1cbc48ed13b60f07b58355cd8e16a0e68645791b7b2576b998794db58048c30b

SHA512
9af7f66e30bc0c32ef807720fa47e611293b2ace363e4ffdc7b0dde9580ac6fbf8c9ca5396cc968693775933ffd04b9e1db920728c2d0b883891ad2e0fb22001

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
6KB

MD5
510e450fbe0deeecd48e983d3d27f0f4

SHA1
6d20493ad3ef6d37005c561d9932be6980c56d07

SHA256
03b0f7bf6ad1f43a203674926eb63d68bb78d1390073a2cfd1cc45b62d7ad03a

SHA512
e14f9a5cc449703f896d1676ac61a306bac2eaa3922fe3d1fb12986e2bee2283fbc5aeeac0344e4a45200c3302cf6bfef9f5e2caf3bf359b40e2dcab49177276

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
94f94f07488bcf5fe02eb2aae0f02de4

SHA1
ad2198589100f1d981dc6131fbc4dd881424e4d3

SHA256
d6a90cdaeda095765c77c5b39fa32c3f4ffc9658e2cd0b6542ed158324c4fdd2

SHA512
f922651ccf343a13eed71701e0220389de3b15aa9c8525920e1772c28a9b5a20b1a44718fa0fd18fab04ffde1752e3030988470dfce2393d56bb514cd0e2e9ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
356f0652c4ad6bec6bcc4ea7a055785b

SHA1
553cf453a93b594688371806f840b380eac7c7d4

SHA256
1999d89fb5edad69f542055d3a8b8610f501b9912ab847318e13e4079c5c057e

SHA512
be2eb48e3af8a8968b6b6fd159aa90baf0d62670306d1f227b3e6f219fa74f07ec9b3f1d7bc874d0738b44237cffe1ef8bff519d61f5d248af2dd2e02c93a896

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
b038b231bbb388b1d037b5acc4a73471

SHA1
9e6e75dd50bbc6d9f0178442ae810d412f254f58

SHA256
5e24638ca43416f8fbb4deadf57b3dc5de9fd4307accb64da4c16e04c7e1e21d

SHA512
4f02a4e249c5e517d8c81733360714b4f2632b0099072cbc5cd0405635e8521bad5c75a27dede13bbcf49d3e6dd580c6ddff7694968c6108935bc0500ce3b234

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
60c7c2abb31b4d8657a0afb061d4b6cb

SHA1
97c102cf95606a130222aa69a61c69c2bff24d89

SHA256
083544213e48da73057ed2432f15e814847222e55ac286edf532885cfe528993

SHA512
d65ee6e3b0b4f1f850c6a82c85bfd2668fb60ee01864c0599124c6398178889316bda37dc210cc4ed0fb5bb772198a849061931b0da9e333657426f667968ea9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
5ae7dd8353331836b217b850b695d952

SHA1
87db710852e5ee3d7bf626db74b8c0e1613823df

SHA256
5c57ecd14dac0300bd34bd1636c22aa15367286c40855c9fe3049dd4af237f4d

SHA512
e48d241dfeea7b117d00ceed93c6d78d9ea9b19f3166fa00459e0558bff888320133cc4357535b2ff31b67f6ccf2dbfd10059c394219b2d71db229cfacde56c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
9ce0fe1d22c1c6e4f09f1d610054c080

SHA1
03ab12695ef4cd2e25b739fdf2a067a11a889ef3

SHA256
4133099f4f9a4416857a774fed5d50c70e8e21ed0462d37324a38fc28f8191b1

SHA512
9b782fb0237964356fae586e93d04c0358496ca2567623ee7226983cc03e76ca11c66272bfdfded0439de411aefdb48c2c30fbca92f4a634e6706047341d4e23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
b97193e26d032a6af500bda6356251b1

SHA1
d325cfe4702eb3f87beebf3a49e704e1530f91af

SHA256
c3551731d0641546d0b8604a0ec111d3b9e14159cdab9a513be0d50c1fcac343

SHA512
0ae72e96a95ce027d87a52de953324b926b6a37ea7e84d86b8e7f7bca29caa81a0e38b826ca72448bec292299a2851c477382f2de8af7a7bd9bc04fa5b59e29d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
5e89246d328be54792995cb0faf25674

SHA1
a6e7dc88dab1e350c20b0b8e1562968a3108bb7a

SHA256
3008f0bc4eeb12b535b72c3c62a7c972b16fbd8203cd08a00bed84a285a6a689

SHA512
f39e6ac7d18d31585b2ff2011bfd644e2384799592c3ab38c6b24d5fcd1aa6a46289cd3c332e79aab43345697ca10e21fdde1544be87984013585078081f0967

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\targeting.snapshot.json

Filesize
3KB

MD5
9f6d181f5a8a71f7f4158e493ff00e63

SHA1
a11034562d4f1631ca4fb29cca02903a3e76d6aa

SHA256
837858121753219024c4721a9f6c5ad65a3889bee744ab319b4bf54a00e38c1e

SHA512
a227566fcc54b3dfa452e8815734aa6f128b8d094d4575cf88a5f6afb5827dfbbb8a933f15b4304f5151e47aee6a4acfb5ab4a33ccc87b44d6bb5539c138c6d6

Download Submit