9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
590s
max time network
581s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (6).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
348	triage - Copy (6).exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeManageVolumePrivilege	4980	svchost.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
348	triage - Copy (6).exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
348	triage - Copy (6).exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
348	triage - Copy (6).exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
348	triage - Copy (6).exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2108	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 2108	4908	firefox.exe	95
PID 4908 wrote to memory of 2108	4908	firefox.exe	95
PID 4908 wrote to memory of 2108	4908	firefox.exe	95
PID 4908 wrote to memory of 2108	4908	firefox.exe	95
PID 4908 wrote to memory of 2108	4908	firefox.exe	95
PID 4908 wrote to memory of 2108	4908	firefox.exe	95
PID 4908 wrote to memory of 2108	4908	firefox.exe	95
PID 4908 wrote to memory of 2108	4908	firefox.exe	95
PID 4908 wrote to memory of 2108	4908	firefox.exe	95
PID 4908 wrote to memory of 2108	4908	firefox.exe	95
PID 4908 wrote to memory of 2108	4908	firefox.exe	95
PID 2108 wrote to memory of 2936	2108	firefox.exe	96
PID 2108 wrote to memory of 2936	2108	firefox.exe	96
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 5100	2108	firefox.exe	97
PID 2108 wrote to memory of 1712	2108	firefox.exe	98
PID 2108 wrote to memory of 1712	2108	firefox.exe	98
PID 2108 wrote to memory of 1712	2108	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (6).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (6).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.0.1520695813\96014856" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e34239e3-d723-4fa5-a589-41730d617739} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 1964 2a5afd04458 gpu
    3⤵
    PID:2936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.1.1021169269\209112093" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c28bb91-bda0-47d9-9ff0-ef937ad3ae0a} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 2364 2a5a2271f58 socket
    3⤵
    - Checks processor information in registry
    PID:5100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.2.1793118688\2034263783" -childID 1 -isForBrowser -prefsHandle 3216 -prefMapHandle 3184 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54fd4535-eacb-47f1-b1c6-26f5657cc539} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 3168 2a5aea5a358 tab
    3⤵
    PID:1712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.3.2128966364\1275344459" -childID 2 -isForBrowser -prefsHandle 3352 -prefMapHandle 3348 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ca19fb4-fee3-46e9-80c0-e9c585b8e812} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 3340 2a5a2262b58 tab
    3⤵
    PID:3888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.4.1672927700\1306485452" -childID 3 -isForBrowser -prefsHandle 4424 -prefMapHandle 4388 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b45fd0e1-e5f8-41a2-9143-4d23d77fce9e} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 4452 2a5b3ff3558 tab
    3⤵
    PID:2684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.5.660461251\1935467836" -childID 4 -isForBrowser -prefsHandle 4652 -prefMapHandle 5060 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b64131c-23d5-40cb-894c-2195995b589d} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 4996 2a5b4e28158 tab
    3⤵
    PID:4340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.6.1676280018\49992598" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c739bee9-b5ff-4ab9-825a-18cf006e03a2} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 5220 2a5b4e3f958 tab
    3⤵
    PID:4348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.7.775412421\2091174349" -childID 6 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68d05584-0f1a-46ea-8483-800ae64388d6} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 5408 2a5b4e3e158 tab
    3⤵
    PID:4448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.8.1102222527\1328912325" -parentBuildID 20221007134813 -prefsHandle 2804 -prefMapHandle 5724 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f819b48-65eb-4372-bb66-2a9a3d88dd40} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 3080 2a5b2126e58 rdd
    3⤵
    PID:5588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.9.1277435792\1693595952" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5940 -prefMapHandle 5936 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27bee302-2701-453b-acbf-9893e90a0be2} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 2832 2a5aefcad58 utility
    3⤵
    PID:5604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.10.1875206476\766661055" -childID 7 -isForBrowser -prefsHandle 6052 -prefMapHandle 6048 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7854c1ce-7f82-4a29-8742-8f53a62372b9} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 6064 2a5aefc9e58 tab
    3⤵
    PID:5668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.11.96257744\2063351593" -childID 8 -isForBrowser -prefsHandle 9900 -prefMapHandle 9904 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18e63d46-805f-4d35-b429-2ba18f796b15} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 10156 2a5b4e50d58 tab
    3⤵
    PID:5480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.12.682142072\418557178" -childID 9 -isForBrowser -prefsHandle 10140 -prefMapHandle 10144 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d37c782-3d89-4bbf-b833-02e04a7b1fad} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 10132 2a5b4e52b58 tab
    3⤵
    PID:5492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.13.671600356\1890172168" -childID 10 -isForBrowser -prefsHandle 5460 -prefMapHandle 4748 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff61de86-270f-48eb-8010-9619bb0aab3d} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 5664 2a5b719ce58 tab
    3⤵
    PID:5500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.14.1987029529\419502384" -childID 11 -isForBrowser -prefsHandle 4108 -prefMapHandle 9952 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76b84c83-3272-426b-911d-d0b538252364} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 8320 2a5b2125358 tab
    3⤵
    PID:3488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.15.1081368220\561416603" -childID 12 -isForBrowser -prefsHandle 9460 -prefMapHandle 9456 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bd4323b-421a-4450-8667-53b4a16acfd9} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 9928 2a5b2125f58 tab
    3⤵
    PID:5024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2108.16.228598256\1581727268" -childID 13 -isForBrowser -prefsHandle 4180 -prefMapHandle 9908 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {407b4c2a-81e9-483a-be7f-152e1b0d7468} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" 4156 2a5a225ee58 tab
    3⤵
    PID:5152

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1792

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\doomed\24670

Filesize
8KB

MD5
17654d3b523d2042a861471860cc81e0

SHA1
be7ad974ced906c276a565c63c2a678aef97abb8

SHA256
9cd49223668af78ea67f9cb1766d6489e5966e485640f4829546f122aea1428b

SHA512
c75023a6d83adbab5975d820b0af246ff8b6a88c7bdff2ea26caa70cb21d34fa2c9f3a994a032d7db7c8f390b11ce164964bc29aea209a3aaa0b37514de5f264

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\doomed\27026

Filesize
8KB

MD5
880ac34ea94e632e10e9ae30c06674b9

SHA1
0dbea7cf5378abe10eeda641a1e2debfdb5d0b6b

SHA256
335a313317e03aaa3ec9158f228780893deddd9ead188f2c30692a6c87548569

SHA512
1797e1f117d52342e27f76fd962b2cca5239e2135a06ed375335051fb1616b97fe3e47e7095d2cf32c2ce67478966100333b5f94909bc5a50961a80b0ad07185

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
c90bb203c5b7127e50b7cc0ef5a3eb43

SHA1
14f1ea83bc127963e52436d43500a1eaa5d1b211

SHA256
e9233e15fc4be33de553cf8e651a270b558ee8a725a3cff20745796a428a39ea

SHA512
6f7dd953053a6938d2c4a1b1cbde270a649f4178f39a47e445b211926402678dcba5e6381411d200fa0119f274ab8958d6f53ff3e2ff642f6bbd1b9e31b1451d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
f5db919e8a21c20f126541150df1ecbf

SHA1
d4f3f99d31b1178f22c71274946f46ddd3b1a4bc

SHA256
0486ea6ef1390b970e4e95afd91771b0547b7c7d6495f788b9a601adbcc3f5d5

SHA512
fe7e07ea2942939a2f39f74bbfd04de8c7dbcf18128a55d1ff92a54ad89997bf9bebb98f6fa9903821cef37a8bde55767f5ba7487237e2211824ca54952d9fbe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
1b9910638240aff5aca855fe2dc9af8a

SHA1
fdecee23e241ed73bbf2cb4c2b377def762b6e06

SHA256
6d22d443a499279e1d06fdcb2afc6ca97b1bc58181c83784bd8d2187c5ef7368

SHA512
8c5f51d206f29f629f34166d0a77f1530ccf4a5cdc31c3672f795e78d063c4b2d6f20d89830c66b44f167e3b3c617ad2a437365d35a712eec5a4752cf190e6fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
dbaed8dd38f568eab60545dd5bd99cf0

SHA1
fe4bf9a1589cabe9aa0923390a9e7f5b39c3716d

SHA256
dacf4fa2a5515ed176fbc1e88a06af204c5be85a1d2cd250df4c9ede24df8bd2

SHA512
152ff32a2fc68b182567460abb0389cfb354febbc3e5f6e9805ad69dd1d552d2b11e3544b23c336baae8fcb6a9d7863c8945e7c3412122b87983e05cbd173c23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\61ca3913-a4df-4d7d-a8ee-0c34fdb2477a

Filesize
746B

MD5
eb9e673ef7663c78cce47dd0561205eb

SHA1
b526872dc9ba95e8fa24bbb46e2800cab3324194

SHA256
d6a31d6d9f526e7ce6bc9f8306923318f6f5b2fb5fb5823f230e8174d3cb9d73

SHA512
9b044127838a55ea17c38ab691c4d2174dd2c49e47f35c4500096df9895a287b0036f4627b25713990284d30f58b4a3721c802ab2dc388a00a13a0fdbdf4b757

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\9d4cce5d-700c-420b-b68f-866da8275f9e

Filesize
10KB

MD5
ff99649e370e578d7fd8454636ff1fa4

SHA1
21f64747946de7ed64cbe83e21fec31878b64cc9

SHA256
43fa8e18d98cab8591f0bdef6401acab5942332b859d0fc0bfcab45ac7bf66fc

SHA512
b1ed5f494c13597100d87677536e02fbadb7f7fd4a95fa2b08b84ca3a391ca528c9f3971dba75981cd889bf4b7a244c91fc9fc92778568fc2fe2477c9e944854

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\favicons.sqlite-wal

Filesize
352KB

MD5
a7eff46295f906d6974455b21261e317

SHA1
7b00450bb659aab9b282581cea46a89107a64135

SHA256
7f0e2f893772c557ae1fceb9c671a1d5a36c18c07eda2f8f58e911c64a9f1b82

SHA512
c7d24313213d46dd7a6edd20c6e9db3fe83539427503661f735f1506215ac363c2e10fab0733332e73afd7e31345f312981fab7557841e4b003d6c8e6ebebeb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\places.sqlite

Filesize
5.0MB

MD5
eadb81d47aa670499a7961846bb7a53b

SHA1
457bccadced11ae2835d210417e4227081523bcf

SHA256
15348f541abe8e8d29fe4a435305882f4f2c47693c6b45c58f6c0a387de2afb2

SHA512
213de1b817ad0005687421d734933a9e0eab007a49b33ca3f0f49e2e475af85d60efc5a313871361f8f20c2552bf46e1eeacd275b6cbd2f545318478b613ef66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\places.sqlite-wal

Filesize
3.5MB

MD5
a3bd2170ed1b0669ce133f278061ee04

SHA1
fdd262ea948ba28961d0cc2f627098480af5739f

SHA256
115cd494bceb2526b8c4c6cfe083fedaa7c916101403e51a0ca20a37dc466f1d

SHA512
b190590eab9c02eb42023a5720a83b860e5b9d114ff8470e15f7edde36b7b05ef2d69e168eafcc0c3df22e17fe285eab1909959c886e8aa136115095332c5754

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js

Filesize
7KB

MD5
6ac59fd2341b921397b7a2c7ecc9c18b

SHA1
96ececb77836f658cbe539f2f7858bf9da771efd

SHA256
b0a4028ba0bee33392b519355bf7e8a213f4f21804874a6aeb374e8b529fdd90

SHA512
12821c106b6786fbf002a0e3c4b3adcdd54f3bab2655aa985867fbd76ed3db839f7abb6b3bfde59cb0082ce3aac8f92c44a745febb6d2d881e29ca47d07a1d22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js

Filesize
7KB

MD5
63e7f60508bead58ef6dc0ea0356f057

SHA1
419b1d6205d9f49bd256466b97fb2342293d90a2

SHA256
79158a9b0b737e68f31a547d383620a86d27dff98459906e97e49c20e1cbf3cf

SHA512
10ed217913066c211b88c2b2e93526e524e0d12093698d08419439137e08abc2a10fa49e65cea8af6e70713180dff35449fecc5a85907834c5903f6270c8f831

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js

Filesize
7KB

MD5
ab00a5f8340d656b6c4c3b5250d76d1b

SHA1
0b88c744fe2d9c5f03eafea9ac9c82e9d2c5953f

SHA256
b9b596eed8b2303b0067b1d2e84358a9b0a6281e34d6089ba3f0453bfceb6f9e

SHA512
8be7ec92267e68b44051c36c652ec1c0125634d035ce91ead63295ad6b0b5cf1448e7353ef85b91ce9ebd8c1d0fdb3c9ab04db1c430896eab39988ede06f8008

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js

Filesize
7KB

MD5
4b809e36cf4ea9e4bb26d6c70c0f90cb

SHA1
3418728585b9349c07d22e67a78f4a68bb7e4ad2

SHA256
5b80bd4e5d5c61dc1e11d85cc009b1b529789c63d3e242183eef667a495aefc9

SHA512
5850350c9f78471b43e370e166c4f222b518a2dd317cef20adf7f41425c71435ea221a48d27105c5121521a4bf4d257d973108ac50c4aa66e953eaee719b9ee2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js

Filesize
6KB

MD5
3de2cf0af8382d93a73a6c29d6c1bfff

SHA1
6a343c41566b79c034579740a785d9d3481d563d

SHA256
8b4b2f0a5ec5bd643474a385e0364744e40face3adbddb0e3f65059ab4b092ea

SHA512
7c747b1e70ffac40ca1726ef65662ee9ad6a596ac505d1c1f7e79843828ab6ffea89635234644fd779607bcf47529185ad3014705c5d90bcf1a118c75869ee31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js

Filesize
6KB

MD5
c946461ee2c108cbecac2332ef5e14cb

SHA1
9cff10496162428d4d4a2d4b02a625d297df089b

SHA256
f4d85f5e4d7c2843d196b2eebecb9a00174a5ee8aa69323f7aee1ad03eebef5b

SHA512
799825a9f4177bed9e6c45d596a070f59ee852f1547e7cc703bb4b94465566d9fdc6f2d0d15fdb8ba2bc3394eae4903053f5abd672c86f201ecbf01784be3c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js

Filesize
6KB

MD5
1acf4547c43a981d1aaa9c49170baef0

SHA1
b85baa943a2d5416a50d52be57f8a358406f4f2d

SHA256
e80db959bd102369b7d71ac17559ba5f292224797af6377a53d8f406711a5376

SHA512
065a215cf450c5eac446779f21e894453b77536da3909b404ffaa02552af71c238d47a66f79ad47b8dc1faddda989559789405650e0eb1f8fcb198792b5a5071

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c6a91de45125f6f1b776334ea95e2572

SHA1
28d531d7fbab5c2e1be900d26b34b6788211b23e

SHA256
80e90e2cbd5e3144df753ebccfec639d8377ad24192e1c03f6c9aca73363bbab

SHA512
34980d5686f3930428da9ad23a1b1fc24234c75448b3458df4c1b5cc9063f3c7af9099ea365bea41dcf3dbf0ea98a08c6a82f83d300ef38797852f7dc9265e64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
39f59667233b1fa6f244aef4bd7258e2

SHA1
69191e4347178fa80044884d323683a68c26b01c

SHA256
9192ca144206ac06371586aa4abdd22e4f90f7cbbf615e65fcc51f883ac3afb2

SHA512
0bbe046c15c27bfdb9944af5d52e9575dbc588b56eabce6bcba74f0fbcf474b6507c01a19656606af934afed881826ebac53fe90b36e8cc015a3b45c1fbf5ec3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d8cf266a2346168ae7ddcfa0ebd50430

SHA1
cef680e6e11cdf5139e013b8e42a4397528cce93

SHA256
21bf72b245109ea4285209777c1a01b09ce007fa2ee7938547e818684838c594

SHA512
a5d6e275ae0071754b5ca97945d64fdaf9f528b622ce011ca1f96f3c15e1c61d5bca35e8f898982f6d41dae1a4857382fa817f113888ec1aa5ba697dacddb78f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
0f509043077db42812f33f2e8094192e

SHA1
3810e83a08de8238c9cffa6f42545fdf17b1d860

SHA256
b5d1a96d55ef925d3b817f0d9549c57d7a40abd6cddf763b7a7b4a7269a593df

SHA512
185b067f4c5e647ded30bf567ba10d05017b77191c7d270610da66311a64b6680fa356b474dc0f19eb0cfde3040367678582e01d38adffd420665b9f7a6893a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
502f787ec9c414e79e34751d5894b62d

SHA1
ae0adb53d98209b9d72fcd13639461ca06986651

SHA256
98dfd96cf03fc34c52353471d9af5a6694e1be013e57346dbdd8bed4c101f55a

SHA512
07e12b1f8f791477ca3a5968e9f11bd467cb6ea337a428c13aeb62b367180be9f2cbf3f5038d8756ffa938a8f3d26ed81890e5c6759d0ceea6589360b3d416c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
f5374bf92976a3d3c2d525b8da4fb247

SHA1
faa520e134539b4c3c09d4f9742ff4b4d31ef25b

SHA256
3bb9d0725b2da73e8042afcf5fdfa964d90479baadc691f80578836fe3b31660

SHA512
733c23cc972b4635a3d2496383adcbd1acefdefb32e7f5f68a1bf633c90ab814195f5981983c1098b69d67d37f20b0da1941421f797703a7a0994d04cf047f63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
5985b0a03702ed3f80b616c3d0e178ee

SHA1
ac15e7b040854f071967f33286c9ebeddc320431

SHA256
a6f54cdf5a75221db921b6a50e31577b8847e9657016458f3712c171c8e53608

SHA512
ee9ee1e624774c006e6fdc0db334a1f7ef70137cdc1f5e30885b6f5fce3f35d155482a90b88f6aa3c83b7725bc35cae3abc3756e3b21ab8baa7a44ab5fa46c98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
8cb3fc2939a54f445627ce514f4d8830

SHA1
45d2f5876757482c57fb9c3c6009c0502b92de68

SHA256
4442fdc863701e8f5bcae6dece85f29d406c6ff5a5660dd07d7370cd907817e3

SHA512
bb4efbe19038a502534c4da2cf032583aa0c9ea26dc41219b351696cb245c5054429c22fb4aca8d3a56ffbd2c20e906d5824ff5d4c33b63636fd1570d36030d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\targeting.snapshot.json

Filesize
3KB

MD5
c0d0815bd2852c004d5b4353b25f56d6

SHA1
4ed7be0083c3e7b58cff5ac1fe58859b9858c0dc

SHA256
dc0e53d9df4e5669adcbf071c73633480d1ddec2fed193cc2b86e2ac7fb7c11d

SHA512
b7317dca5e1740b16b7637b926425c8dd552fee90a2c7d670dc5b353de3b12bafd3415fe63417caa598fb358eb41fd3d3d5af374a28b7c16e19ef56eda266562

Download Submit
memory/4980-859-0x000001ED36160000-0x000001ED36170000-memory.dmp

Filesize
64KB

Download
memory/4980-875-0x000001ED36260000-0x000001ED36270000-memory.dmp

Filesize
64KB

Download
memory/4980-891-0x000001ED3E5D0000-0x000001ED3E5D1000-memory.dmp

Filesize
4KB

Download
memory/4980-893-0x000001ED3E600000-0x000001ED3E601000-memory.dmp

Filesize
4KB

Download
memory/4980-894-0x000001ED3E600000-0x000001ED3E601000-memory.dmp

Filesize
4KB

Download
memory/4980-895-0x000001ED3E710000-0x000001ED3E711000-memory.dmp

Filesize
4KB

Download