9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
398s
max time network
388s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (9).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2908	triage - Copy (9).exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2832	firefox.exe
Token: SeDebugPrivilege	2832	firefox.exe
Token: SeDebugPrivilege	2832	firefox.exe
Token: SeDebugPrivilege	2832	firefox.exe
Token: SeDebugPrivilege	2832	firefox.exe
Token: SeDebugPrivilege	2832	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2908	triage - Copy (9).exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2908	triage - Copy (9).exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2832	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 2832	4668	firefox.exe	91
PID 4668 wrote to memory of 2832	4668	firefox.exe	91
PID 4668 wrote to memory of 2832	4668	firefox.exe	91
PID 4668 wrote to memory of 2832	4668	firefox.exe	91
PID 4668 wrote to memory of 2832	4668	firefox.exe	91
PID 4668 wrote to memory of 2832	4668	firefox.exe	91
PID 4668 wrote to memory of 2832	4668	firefox.exe	91
PID 4668 wrote to memory of 2832	4668	firefox.exe	91
PID 4668 wrote to memory of 2832	4668	firefox.exe	91
PID 4668 wrote to memory of 2832	4668	firefox.exe	91
PID 4668 wrote to memory of 2832	4668	firefox.exe	91
PID 2832 wrote to memory of 5052	2832	firefox.exe	92
PID 2832 wrote to memory of 5052	2832	firefox.exe	92
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 628	2832	firefox.exe	93
PID 2832 wrote to memory of 4200	2832	firefox.exe	94
PID 2832 wrote to memory of 4200	2832	firefox.exe	94
PID 2832 wrote to memory of 4200	2832	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (9).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (9).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.0.376974663\1948038572" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed4d6397-bf13-4e17-8ef7-d382918c7c6b} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 1980 171675c1858 gpu
    3⤵
    PID:5052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.1.1500595094\1998813434" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2352 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e24b7661-7011-431a-ae20-7d954ce20dba} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 2384 1715ab72258 socket
    3⤵
    PID:628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.2.1817875391\117606426" -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3044 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dacd714-5091-40c6-8862-c0e909245f77} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 3096 1716b486258 tab
    3⤵
    PID:4200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.3.1937169175\1637716317" -childID 2 -isForBrowser -prefsHandle 3188 -prefMapHandle 3524 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eab5579a-71bc-4dd7-99d8-91f7f5f6d24c} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 1408 1715ab70d58 tab
    3⤵
    PID:1344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.4.1925989302\2046134893" -childID 3 -isForBrowser -prefsHandle 3768 -prefMapHandle 3108 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65c893d8-e47c-4261-94d9-e77fc3d46e26} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 3780 17169ca7858 tab
    3⤵
    PID:3520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.5.1236610859\807707967" -childID 4 -isForBrowser -prefsHandle 4460 -prefMapHandle 4752 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a9d9367-b96a-4871-95c0-d754fb478c42} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 4684 1716d60e558 tab
    3⤵
    PID:4436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.6.1842629015\1849241172" -childID 5 -isForBrowser -prefsHandle 4860 -prefMapHandle 4436 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {481e1e1d-097a-411d-9f63-2b3db9e4ec10} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 4824 1716d60eb58 tab
    3⤵
    PID:4492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.7.523817798\1272640270" -childID 6 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6ffb332-0809-4992-8254-a93a8948b367} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 5168 1716cd97958 tab
    3⤵
    PID:3532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.8.414270585\914775712" -childID 7 -isForBrowser -prefsHandle 2820 -prefMapHandle 2812 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bd2fdf8-6ed0-4e46-906f-60714776235d} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 3752 1716b5c4958 tab
    3⤵
    PID:3632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.9.1850397218\1879948082" -childID 8 -isForBrowser -prefsHandle 2880 -prefMapHandle 5920 -prefsLen 26471 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c13f86fc-b00b-4f96-bb52-b8e11161815f} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 5932 1716e833a58 tab
    3⤵
    PID:2192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.10.1250214708\913889572" -parentBuildID 20221007134813 -prefsHandle 4932 -prefMapHandle 4920 -prefsLen 27463 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6afbc3f1-0723-457b-9859-46e913706fd3} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 5288 1716ea88858 rdd
    3⤵
    PID:5644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.11.836989147\1578983577" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5220 -prefMapHandle 4848 -prefsLen 27463 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa449ef8-625e-4ca4-bd2c-06b89589ca2c} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 5044 1716ea89158 utility
    3⤵
    PID:5632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.12.1406186163\917602725" -childID 9 -isForBrowser -prefsHandle 4900 -prefMapHandle 4916 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {204e4f91-771d-472c-8415-444bdccfef88} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 4892 1716ea8b258 tab
    3⤵
    PID:5732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\cache2\doomed\10197

Filesize
9KB

MD5
0ad67b225db2a027fae29d3352b85210

SHA1
fd7ee9684c9948261b78ec211be61b39b87571fd

SHA256
ba20e84fa1a40bf7f09f5040594e765a6af04042cf8c72e61aaed02a95d4273c

SHA512
ce3a61ee3c6a1991894fdf5bbb8f072306be064d170d40b1dff4c5016750ca5dfb15700ac261f0d1841e2b2ee8bc0a3e58312ad25094afeb90d6711213091a11

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\cache2\doomed\25113

Filesize
9KB

MD5
3e282706943d929d48b6146781cd73f2

SHA1
4da8043d1e5911c170b9c7cb0b19b58abd9685d7

SHA256
7e47bec61b5e2d738ef8ddd2fcfd00f41478b826bf8cc8d20682790c3156d0fc

SHA512
e2f39d97718f23be385c311d77be8a38b287afea5450e8978f8cf8a19598958e0b50f7d3ed3ddc4f3155c51ab299b6cc13e492e2bb8c560a2b08370ac7573568

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\cache2\doomed\5698

Filesize
9KB

MD5
4c02efc2eccee442310904f80d582a67

SHA1
c2eff6be73df914072f53b180801c6bb6d499582

SHA256
1d8f12bf78b34cfac2d3f0d77a410803a14c6996ce35409e6601137116f70827

SHA512
416eb010ed98f4f0bc853342b27db07db31d013c633e06c94cb4a763e4fcf2793f0bd6644264cc66b711958ddaf9e0c48508d5f2b9fe32f96cbed9f60306453b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\cache2\entries\07F5049BAAC219B7CC8E5D0D7BC3FE00CFC59628

Filesize
8.1MB

MD5
013deacb6da6169d74ab69b495bc29ff

SHA1
e809bb3d71d0c694b4b1f1d0cb69c08a633827ba

SHA256
bf269d613d864d8e13f3e0378daa6739e021d972664b30ccaa05502cab4a0334

SHA512
531059953464ed94a82dc8ce72d0c925dfd92b4533d636dd1b9cc9d356bebcd82b9d4fc54d1c940b99e7c0cc008cefbae6e4cda770452948ef321535f82c19db

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
0ca564dac88579f60d3e92a28e088e58

SHA1
572708985abff26b1a89a8efa741afc22e5eac69

SHA256
14cd9b6bbab0d676d6e274fd612df2e28ed188c5c52cfa3de72701e7a57a3be9

SHA512
7705d3e1ac39326d4f290bf6e9e2f6f4a4931a1fea37ec19bc58f3037a4f80306e68d7acbcd7ff12d148f27474d824705be47e32f98eceaeefcb227237b881d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
029391d8e3043acedc4a815861113c09

SHA1
1808b5bb14006681fb40e879dc78b5770cc5d20c

SHA256
bfc0db9f22945da73ce22d2129e20efd1df95b66293ce91e71d7d6ed37827765

SHA512
79bf10664b872ecdb624c3659de5c387beb3b8ada346d59412b47e2bd3a6fb62a92cfa2dea4bc57263760150bbcd474a83fe02fb98ce78378b8b37be46f29ac1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\db\data.safe.bin

Filesize
3KB

MD5
ed3c81212f925fb722e79d2de954c68a

SHA1
5b9bf3f04ded5f5e99ad4d1166af85e41ba56624

SHA256
8e0843c5176d70d26c9e98b9f9ab2b3eb90f6441726bae883568fe355f25234c

SHA512
4dcae6e2f001fae8e46152cbb09520dd1ce1dc3dabb645ea8d1c6f283609c1eded5af4c719599d1e1dcdda6e1fdbf4e44aee2e9e80d5a39487a61acb90f1559e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
07ed984b825e2a4a107dfe91d85f9c32

SHA1
a5009ecf03a4da1d2d4c09d031f716ed7cfaccec

SHA256
7f0df8005bbca728801b2c914c621de7d33fdb237f5ad66c8e2725a789ca03ae

SHA512
2c3178b585f6ef9ec23f1837ed389e4cccad838f9da1a18b1dc57bbb83969828a4738168b06cb043404a8ab8689a4936c31299631a734d2b138bb8cda85d0974

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\pending_pings\2aea4cc7-5394-4fa8-9fa6-3d722334564e

Filesize
746B

MD5
1fdc9546041f166cdbe9409a076dadf2

SHA1
afb3f0587549614c2003e4369d97b5636a515341

SHA256
2cf5fb420eb3463d30ae99386889650b1f93bfa5310f9f81d60bb05bfbb978a0

SHA512
cd98589d64d2f29d08c8be7e4527edf2b7ee1e455d09d1c6f6de52d5efb32a10bdf18167950931b440733822ee027aa154e9a2093ba2d155a883dfcaab691eae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\pending_pings\bbaa4138-444b-48c7-8061-82212531d5bd

Filesize
12KB

MD5
be553ed44db0fc814385b7fe29047b0e

SHA1
6256b3381ece6fede35057ce9f7e97589095e48a

SHA256
a9fdb723489e6ed148a38309d35a2553027115c60f8607d36780c0e80f43ebfc

SHA512
e76a085c4512fb7884ac67f91da2a44069f6c4ea129ed843ff97f1ce7eb617ce7dcc645c9da7d1bedc515fc2828be5e9f2b065b0ffd785b5cce21385d57710db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\prefs-1.js

Filesize
7KB

MD5
1d98a08dcde10a5264b9ebeff82c2b55

SHA1
875431a5ee9944a205da192ff4dc4271a0b2439c

SHA256
d87e01ee473e06c5e6e76726bdcdb7e94efdc628657795af770b5daf0856c135

SHA512
5ca84951cefe2f115d4b7c6a8c3382f26afc1cc06a82311ec04f7f07ee7d05909f25b72ff9999b879883e83d6ee2f8c795468d73bae54ebdb05057c544685bfa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\prefs-1.js

Filesize
7KB

MD5
c42129101905c96a9ea19747bc494e73

SHA1
3cd8c422d9976911860ecaf95405a1cac32055f2

SHA256
644a59eea33a7e5d6d297ae4e9edff74ffd433bb51d22d4cb75c6b2febc13ba0

SHA512
fbacf15af4727c050d0b118159fe8fe68e8ded3dcfa22eb458a7eb10c7457a46835cea7d90a3aab3cc9df932a823a7c6de74bbcf52d2de176bfaabb5f7f8ff26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\prefs-1.js

Filesize
6KB

MD5
685dfef463bd46d2224469f262b398e2

SHA1
100865c890ab102724942761b248d9c46210c7c2

SHA256
cf24b850d6197989c5b7bccf81c444e9fc5be53d84015c166c5783ac5be30ca6

SHA512
e4ce0397a1a5b197e3cc686225939adb36f6dba83828b6392f8129aec1395602a28b2b8a926d274b3edfed1bc303900486bcd064b50fa67e7aae69a322738145

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
543a409901dae7d48804d0557a0dcd27

SHA1
32f20e45bd6f2141b0375eea5078516a41ee44f8

SHA256
f94387e522f0805d08cce396c2c9eb22bd3b0be4d413aab918da5597a8a32765

SHA512
b5e500ca472434e732bab1f42ef0c2d0446994c9532ebef75bc27816b640afe125558a5eaa5261990d0b75d70573ba6d0116509ba02c5baae2e2207e91729589

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1022B

MD5
87dde2a11973b459aac54f40a7180a8e

SHA1
5502733a2f8e76644ea071a010c714155bb45b56

SHA256
8e68c042ef79c8b1280c88179f77717dc67a36317b699784a7a29205238d28a7

SHA512
aef6a3512dc60235b5c454a1fea358d8e2b0a37e52a6e877893bb13ab7269e4a569539d2fed4be9dc58fe53d8919c9a55a886bf4ab1ed0a1a5873321417883ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
81eadc94448d3c4caaeeef96a48ea752

SHA1
d5cc7f171b75eb18cba12ddbea05bc4294f441ab

SHA256
bc639cc8699b7e963b0bd2916dbae303668aab82d7522aff1b37e615b1670298

SHA512
2e7308ea90a4b254004465a62e361ff3cbf397312d9af231f0755ba79aa1b5c13bf72c4c0b9d6aa05cb0ac04ee806349e2bb6d0de7a4d3173478142a4fbd06a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
961db1fe36fa37ca0d4e950148caf9b0

SHA1
6ae85be7756380acf60fb05f20fa910142e63aa8

SHA256
1257da524ee89adc744e48b10ef91bab0dc1d8fb97f6626af889369f5f9dbf10

SHA512
3c875fe38dc4c0ede58f1da5268d83ee4b66a054b030064bdfd0c91a7c529f3a602fdc66e3c2202dfb27e5dc7eeae57af320de434f684ff59a5b3b08637dbf93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
b150d459b32a907ea3ae09e428cbeac1

SHA1
a89870934d943e84fb240b75ab3a90d3dc477e6f

SHA256
9dc42793c8b1655705cb50cb76dd8b4693ae3430fef0cd6641786c82d35227e1

SHA512
481fb84a99c3ac6a26bc33cc1ef2c2e36a40907a7dd06a279c8e65234134a2c2846ebfabbf9c6a5cb5fe0b651117bf6f26b07f6adad48f04313c5a5dbf378669

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
14c9bf1b621cfaba43b86689bc7496f5

SHA1
1d12759c03727427e92c2e1039d65775aea6851b

SHA256
3359434f6fcd22e9eb272fd47ec0c256160edd5ed257fe0227db28415074d3d0

SHA512
0949067287978757e573dfebd829ed5c1c16f021ca97ad07bc99af1a6c714944cf2aeb3c6ce5718740a4725eedd7ace8d66b5912c576e37a98d709c8ce547624

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
b30df3b3daf663789ae3f3244f47de09

SHA1
3c2fa8681630e547faa11a84801c435fe519597e

SHA256
c741411981756c13b365cd7924e6a6cefd845873a6b895893ca03c0a19456982

SHA512
98284b2c540e695ef2147529e7a282d3b7d28b6c7c10512a0a72373393d8142178a0904fafe9ace51cfb6f0d0e1d1b6aadfe3c3d39f7f73e4ac99b435bb6e673

Download Submit